Security also: OpenID Connect

OIDC

Identity layer on top of OAuth 2.0 — adds an ID token (JWT).


In plain terms

OIDC standardises how an application learns "who is the user". The ID token is issued alongside the access token after the authorization code exchange.

Origin

OpenID Connect 1.0 (2014). Built by the OpenID Foundation, led by Nat Sakimura and John Bradley, as the identity layer on top of OAuth 2.0 that the original OAuth working group declined to specify.

Where it shows up in production
  • Sign in with Google/Apple/Microsoft: All three return an OIDC ID token alongside the OAuth access token.
  • Kubernetes OIDC auth: kube-apiserver accepts ID tokens issued by an external OIDC provider for cluster authn.
  • Auth0 / Okta / Cognito: All major IdP-as-a-service products implement OIDC as the primary login protocol.