OAuth and OIDC
1. Introduction to Secure Delegated Access
2. OAuth 2.0 Framework Fundamentals
3. OAuth 2.0 Protocol Endpoints
4. OAuth 2.0 Tokens
5. Scopes and Permissions
6. OAuth 2.0 Authorization Grants
7. OpenID Connect Identity Layer
8. JSON Web Tokens in OAuth and OIDC
9. Security Considerations and Threats
10. Advanced OAuth and OIDC Topics
11. OAuth 2.1 Evolution
12. Implementation Guidance
OpenID Connect Identity Layer
OIDC Foundation
Building on OAuth 2.0
Authentication vs Authorization
Identity Protocol Requirements
Core OIDC Concepts
Identity Tokens
Claims-Based Identity
UserInfo Endpoint
Identity Provider Role
ID Token
Purpose and Function
Authentication Assertion
Identity Information
Security Properties
JWT Structure
Header Components
Payload Claims
Signature Verification
Standard Claims
Issuer Claim
Subject Identifier
Audience Claim
Expiration Time
Issued At Time
Authentication Time
Nonce Claim
Authentication Context Class Reference
Custom Claims
Application-Specific Information
Privacy Considerations
Token Validation
Signature Verification
Claim Validation
Nonce Verification
Time-Based Validation
OIDC Flows
Authorization Code Flow with OIDC
Standard OAuth Flow Extension
ID Token Inclusion
Security Benefits
Implicit Flow with OIDC
Direct Token Delivery
Use Cases
Security Limitations
Hybrid Flow
Mixed Token Delivery
Front-Channel and Back-Channel
Security Properties
Use Cases
UserInfo Endpoint
Purpose and Function
Access Token Requirements
Claim Retrieval
Privacy Considerations
Claims and Scopes
Standard Claim Types
Profile Claims
Email Claims
Address Claims
Phone Claims
Scope-to-Claims Mapping
Claim Request Methods
Voluntary vs Essential Claims