
What is OpenID Connect?



OpenID Connect (OIDC) is an interoperable authentication protocol built on top of OAuth 2.0. As the OpenID Foundation puts it (see References), it allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. OpenID Connect allows clients of all types, including web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The steps below walk through the Authorization Code Flow, using Auth0 as the Identity Provider.

1.       The user clicks Login with Auth0 on a web application.

2.       The web application (the Client) redirects the user's browser, with a GET request, to the authorization endpoint of the Identity Provider (for example Auth0 or WSO2 Identity Server), which acts as the Authorization Server.

The request includes the following parameters.

Parameter      Requirement   Description                                                         Value
scope          REQUIRED      OpenID Connect requests MUST contain the openid scope value.        openid profile
                             Other defined scopes such as profile and email can be added.
response_type  REQUIRED      Determines the authorization processing flow to be used. For the    code
                             Authorization Code Flow the value is code.
client_id      REQUIRED      The client identifier issued to the application by the
                             Authorization Server.
redirect_uri   REQUIRED      Redirection URI to which the response will be sent. It must
                             exactly match a URI pre-registered at the Authorization Server /
                             Identity Provider.
state          RECOMMENDED   Opaque value used to maintain state between the request and the
                             callback. Use a fresh, unguessable value for each login, keep it
                             in the user's session and verify it on the callback; this is the
                             flow's protection against CSRF and injected authorization codes.

Ex:
      import java.net.URLEncoder;
      import java.nio.charset.StandardCharsets;

      // audience is an Auth0-specific parameter (it selects the API the access token is issued for);
      // it is not part of OpenID Connect itself.
      String url = "https://mifraz.auth0.com/authorize"
                  + "?audience=" + URLEncoder.encode("https://mifraz.auth0.com/api/v2/", StandardCharsets.UTF_8)
                  + "&scope=" + URLEncoder.encode("openid profile", StandardCharsets.UTF_8)
                  + "&response_type=code"
                  + "&client_id=DpeGsXwMZuainG5XzDs1tRDmcdnbu86n"
                  + "&redirect_uri=" + URLEncoder.encode("http://localhost:9999/oauth/access", StandardCharsets.UTF_8)
                  + "&state=123"; // placeholder: in practice state must be a fresh, unguessable value
      All parameter values must be URL encoded; URLEncoder does that above (the overload taking a Charset exists since Java 10). An online encoder such as https://meyerweb.com/eric/tools/dencoder/ is handy for checking a URL by hand.

3.       The Identity Provider shows its login page if the user is not yet logged in (authentication) and then asks the user to authorize releasing the requested details to the client application (consent page).

4.       If the user authorizes the release, the Identity Provider redirects the browser back to the registered callback URL (Redirection URI) with the authorization code and the state from the request. Before using the code, the client must verify that the returned state matches the value it stored for this session.
Ex:
http://localhost:9999/oauth/access?state=123&code=8b19c95f860fe61c281cb6d
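The authorization request and the callback check, written out as an added example (this is not code from the original post or from Auth0): it builds the redirect URL with a per-login random state (plus a nonce, which OpenID Connect echoes back inside the id_token), then validates the callback before accepting the code. The endpoint, client_id and redirect_uri are the ones used in the post; the session dict stands in for whatever server-side session store the web application uses, and the callback URLs are constructed for the demonstration.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values taken from the post; a real deployment substitutes its own.
AUTHORIZE_ENDPOINT = "https://mifraz.auth0.com/authorize"
CLIENT_ID = "DpeGsXwMZuainG5XzDs1tRDmcdnbu86n"
REDIRECT_URI = "http://localhost:9999/oauth/access"


def build_authorization_request(session: dict) -> str:
    """Build the redirect URL and remember state and nonce in the user's session.

    state is a fresh, unguessable value tied to this browser session; it is what
    lets the client reject a callback it did not initiate (CSRF / code injection).
    nonce is echoed back inside the id_token and checked when that token is validated.
    """
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    params = {
        "scope": "openid profile",
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    }
    # urlencode form-encodes every value (the space in "openid profile" becomes "+").
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_callback(callback_url: str, session: dict) -> str:
    """Validate the redirect back to redirect_uri and return the authorization code.

    Raises ValueError if no login is in flight, the state does not match the stored
    one, the server reported an error, or no code is present. The stored state is
    consumed first, so a captured callback cannot be replayed against the session.
    """
    query = parse_qs(urlsplit(callback_url).query)
    expected_state = session.pop("oidc_state", None)
    returned_state = query.get("state", [None])[0]
    if expected_state is None or returned_state is None:
        raise ValueError("no state to compare: no login in flight for this session")
    if not secrets.compare_digest(expected_state.encode(), returned_state.encode()):
        raise ValueError("state mismatch: callback was not initiated by this session")
    if "error" in query:
        raise ValueError("authorization server returned error: " + query["error"][0])
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def callback_accepted(callback_url: str, session: dict) -> bool:
    """True if handle_callback accepts the callback, False if it rejects it."""
    try:
        handle_callback(callback_url, session)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    session = {}
    print(build_authorization_request(session))
    # Constructed callback: the state we issued plus the code from the post.
    callback = f"{REDIRECT_URI}?state={session['oidc_state']}&code=8b19c95f860fe61c281cb6d"
    print("code:", handle_callback(callback, session))
    # The same callback a second time is rejected: the state was consumed.
    print("replay accepted:", callback_accepted(callback, session))
```

The state comparison is constant-time and the stored value is popped before it is compared, so a callback with a guessed state (such as the fixed 123 in the post), a callback for a session that never started a login, and a replay of a genuine callback all fail the same way.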

5.       Exchange the authorization code for tokens by sending a POST request, server to server over the back channel, to the token endpoint.

//OAuth Token URL
      String auth_url = "https://mifraz.auth0.com/oauth/token";

//Prepare POST Request Body (sent as application/x-www-form-urlencoded)
      String POST_PARAMS = "grant_type=authorization_code"
                      + "&client_id=DpeGsXwMZuainG5XzDs1tRDmcdnbu86n"
                      + "&client_secret=xxxxxxxxxxxxxxxxxxxxxxx"
                      + "&code=8b19c95f860fe61c281cb6d"
                      + "&redirect_uri=" + URLEncoder.encode("http://localhost:9999/oauth/access", StandardCharsets.UTF_8);

//Send it from the server side (java.net.http, Java 11+); the client_secret must never reach the browser
      HttpRequest request = HttpRequest.newBuilder(URI.create(auth_url))
                      .header("Content-Type", "application/x-www-form-urlencoded")
                      .POST(HttpRequest.BodyPublishers.ofString(POST_PARAMS))
                      .build();
      HttpResponse<String> response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
The snippet needs java.net.URI, java.net.URLEncoder, java.net.http.HttpClient, java.net.http.HttpRequest, java.net.http.HttpResponse and java.nio.charset.StandardCharsets imported. The redirect URI must be URL encoded and must be the same one sent in the authorization request; the Authorization Server rejects the exchange otherwise. Because the request carries the client_secret, only a confidential client (server-side code) may send it, never a browser or mobile app.

6.       The response is a JSON object that includes the following:
·         access_token
·         id_token
·         token_type
·         expires_in
·         scope

The id_token carries the requested user information (the sub identifier plus profile claims such as name, alongside iss, aud, exp and similar) as a JWT, which consists of three base64url-encoded parts separated by dots: the header, the payload (body) and the signature. Before trusting any claim the client must validate the token: verify the signature with the Identity Provider's key, and check that iss is the expected issuer, that aud contains its own client_id and that exp has not passed. To learn more about JWT, refer to RFC 7519.
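Checking the id_token returned by the token endpoint, as an added example (not code from the original post or from Auth0's SDK). It splits the JWT into header, payload and signature, verifies an HS256 signature with the client_secret as the key (the shared-secret signing option OpenID Connect defines; it keeps the example offline, whereas a tenant configured for RS256 would verify against the public key published at the provider's JWKS endpoint), and then checks iss, aud, exp and the nonce. The issuer and client_id match the post; the secret, the sample claims and the tokens are constructed here for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time

# Issuer and client_id from the post; the secret and tokens below are constructed for this example.
ISSUER = "https://mifraz.auth0.com/"
CLIENT_ID = "DpeGsXwMZuainG5XzDs1tRDmcdnbu86n"
CLIENT_SECRET = b"example-client-secret-used-as-the-hs256-key"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(part: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def make_id_token(claims: dict, secret: bytes) -> str:
    """Sign claims as an HS256 JWT (header.payload.signature). Used only to build sample tokens."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def validate_id_token(token: str, secret: bytes, issuer: str, client_id: str, nonce: str, now=None) -> dict:
    """Verify an id_token and return its claims; raise ValueError on any failure.

    Order matters: pin the algorithm first (never let the token's header choose it,
    or an "alg":"none" token walks through), verify the signature, and only then
    read the claims and check iss, aud, exp and nonce.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token must have exactly three dot-separated parts")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("signature verification failed")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("iss does not match the expected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud does not contain this client_id")
    if now >= float(claims.get("exp", 0)):
        raise ValueError("token has expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: possible replayed id_token")
    return claims


def is_valid_id_token(token: str, secret: bytes, issuer: str, client_id: str, nonce: str, now=None) -> bool:
    """True if validate_id_token accepts the token, False if it rejects it."""
    try:
        validate_id_token(token, secret, issuer, client_id, nonce, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample claims, shaped like what a tenant would issue for the post's client.
    claims = {"iss": ISSUER, "sub": "auth0|5d0e1c2f", "aud": CLIENT_ID, "name": "Example User",
              "iat": 1700000000, "exp": 1700003600, "nonce": "n-0S6_WzA2Mj"}
    token = make_id_token(claims, CLIENT_SECRET)
    print(token)
    print(validate_id_token(token, CLIENT_SECRET, ISSUER, CLIENT_ID, "n-0S6_WzA2Mj", now=1700000100))
    # Same claims signed with the wrong key, as an attacker who only knows the public values could do.
    forged = make_id_token(dict(claims, sub="auth0|attacker"), b"not-the-client-secret")
    print("forged accepted:", is_valid_id_token(forged, CLIENT_SECRET, ISSUER, CLIENT_ID, "n-0S6_WzA2Mj", now=1700000100))
```

The nonce passed in is the one the client stored in the user's session when it built the authorization request; a token that was issued for a different login, or captured and replayed, fails that check even though its signature is genuine.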

Use a REST client browser extension (Chrome/Firefox) to try the above requests and responses by hand.

References
https://openid.net/connect/
