[Openid-specs-ab] Issue #897: New Core - 2. Authentication - Add new text (openid/connect)

Nat Sakimura issues-reply at bitbucket.org
Sun Nov 3 21:40:53 UTC 2013

New issue 897: New Core - 2. Authentication - Add new text

Nat Sakimura:

Add more text to help the readers. 

Proposed text: 

2. Authentication

Authentication is typically performed to log in the End-User or to determine that the End-User is already logged in. OpenID Connect carries the result of the Authentication performed by the Server to the Client in a secure manner so that the Client can rely on it. For this reason, the Client in this case is called Relying Party (RP). 

The Authentication result is conveyed via a security Token called ID Token. It has Claims expressing such information as the issuer, the subject identifier, the timing when the authentication was performed etc. of the security token. Refer to section and for more details.

Authentication Requests can follow one of three paths: 
the Authorization Code Grant (response_type=code)
the Modified Implicit Grant (response_type=token id_token or id_token)
the Hybrid Grant (other response types defined in [Multi-Response])
Following is a non-normative table expressing some guidance on which grant to chose among the above three. 

More information about the Openid-specs-ab mailing list