What is OpenID Connect?
OpenID Connect is a standard built on top of OAuth 2.0. It adds user authentication and, among other things, allows clients to obtain end-user identity attributes in an interoperable manner and to manage multiple sessions. It is meant to be a lightweight, modern, JSON-based alternative to SAML.
The OpenID Connect specification defines a Relying Party (RP) as an OAuth 2.0 Client requiring End-User authentication, and an OpenID Provider (OP) as an OAuth 2.0 Authentication Server that performs this authentication. As a result of successful authentication, the OpenID Provider issues an ID Token: a JWT-compliant JSON object containing a set of claims, the user identity attributes.
Onegini Access acts as an OpenID Provider that manages the ID Tokens and the authentication process. Onegini Access does not, however, manage the identity itself: the actual authentication is delegated to an Identity Provider.
Onegini Access exposes claims via the User Info endpoint. See User Info for the API reference.
JSON Web Key Set
Onegini Access publishes the public keys for the digital signature of the ID Token via the JWKS endpoint; a Relying Party uses them to verify that an ID Token was signed by Onegini Access.
ID Token encryption (JSON Web Encryption)
The ID Token can be encrypted to hide sensitive claims. By default, this feature is turned off. See ID Token encryption for more information.
Onegini Access supports session management. See Session Management for more details.