OpenID Connect is a protocol for authenticating users, built on top of the OAuth 2.0 authorization framework. Using Gigya, you can act as an OpenID Connect Provider (OP), authenticating users with the OpenID Connect (OIDC) protocol, or as a Relying Party (RP) that requests user authentication from an OP.
OpenID Connect uses the following terminology:
- Claim: Information asserted about a user, such as a first name or phone number.
- Authorization Endpoint: Performs authentication of the user using request parameters defined by OAuth 2.0 and additional parameters and parameter values defined by OpenID Connect. Returns an authorization code. This code should be sent to the token endpoint to receive an id_token and/or access_token.
- Token Endpoint: Issues an access_token, id_token and refresh_token to the RP.
- Introspection Endpoint: Used for determining the status of a current access_token (valid or invalid). If the token is valid, it also returns details about the token such as its type, the client_id of the entity that it was issued to, expiration, etc. If the token is invalid, it returns "false", and no additional information.
- Flow: OpenID Connect defines three flows for authenticating users: Authorization Code, Implicit, and Hybrid. For more information, see OpenID Provider Setup and the OpenID Connect specification.
- OpenID Connect Provider (OP): An identity provider that is capable of authenticating an end user and providing claims to a Relying Party. Activating your account as an OP will enable 3rd party sites (relying parties, or RPs) to authenticate their users against your existing user base. For information on setting up your OP configuration, see OpenID Provider Setup.
- Relying Party (RP): An OAuth 2.0 client application requiring end user authentication and claims from an OpenID Provider (OP). For information on setting up your RP configuration, see OpenID Connect RP Setup.
- Scope: The type of data to which RPs are granted access. For more information, see allowedScopes.
- Tokens: The JSON Web Token (JWT) returned by any of the endpoints.
- ID Token: A JWT signed by the OP that contains identity information about the user being authenticated, as well as information about the token itself, such as the time it was issued and its expiration time.
- Access Token: Used to grant or deny access to resources (authorization rather than authentication).
- Refresh Token: Used to generate a new access token.
- Code: The authorization code returned by the authorization endpoint in the Authorization Code flow; the RP exchanges it at the token endpoint for an access token (and ID token).
High-level Gigya OIDC Overview
The sequence below summarises the exchange between the RP, the Gigya OP and the partner site (solid arrows are requests, dashed arrows are responses):
1. RP -> Gigya OP: Authorize call
2. Gigya OP -> Partner Site: Login and consent
3. Partner Site --> Gigya OP: Logged-in and consent success
4. Gigya OP --> RP: User is logged in!
5. RP -> Gigya OP: Get user info
6. Gigya OP --> RP: User info
OpenID Connect Protocol Coverage