[OpenID] openid connect. what is it?
Nat Sakimura
sakimura at gmail.com
Thu Sep 19 23:16:48 UTC 2013
This page may help you understand what OpenID Connect is based on your understanding of OAuth.
http://nat.sakimura.org/2013/07/05/identity-authentication-oauth-openid-connect/
ID Token has been used by Google for some time.
Its predecessor, the signed request of Facebook, has been used very widely as well.
=nat via iPhone
On Sep 20, 2013, at 7:33, Peter Williams <home_pw at msn.com> wrote:
> Having deployed an isp-class oauth service, I feel I know what OAUTH is (finally). Rather than have an embedded authentication website, it does websso to an IDP. In other words, the AS is itself a websso SP.
>
> Now, I understand that a few tweaks of messages in OAUTH allow that AS-webssoSP bridge to invoke a selector screen - by which users choose IDPs from a list. And, I understand that the OAUTH tweaks might indicate which of several IDP lists to use, where an OAUTH IDP-class service can tune itself up to offer multiple private label experiences, selected by some or other label sent in an OAUTH message.
>
> Is that ALL opened "connect" is? (a way of hosting lots of identity selector pages, together with the config of the IDP metadata, etc; and a way of choosing which page of selections to present)?
>
> I've also seen hints that "companion" JWTs might accompany the access token. Known as id-tokens, they don't actually seem to exist in the wild (not having escaped the paper lab, yet). As far as I can tell, they are just JWTs with more than the nameid claim, thereby avoiding a per-IDP API call (just to collect a yahoo API's vs facebook APIs member record claimset).
>
> Is this opened connect?
>
> I've also seen hints that the companion JWT is supposed to be a mobile account-linking record; similar to the old account linking service elements of OASIS. Is this opened connect? If there is "evidence" that several access tokens all relate to a common persistent name (ahem XRD id, for structured names) represented by the id-token, is this openid connect?