[Openid-specs-ab] Issue #897: New Core - 2. Authentication - Add new text (openid/connect)
issues-reply at bitbucket.org
Sun Nov 3 21:40:53 UTC 2013
New issue 897: New Core - 2. Authentication - Add new text
Add more text to help the readers.
Authentication is typically performed to log in the End-User or to determine that the End-User is already logged in. OpenID Connect carries the result of the Authentication performed by the Server to the Client in a secure manner so that the Client can rely on it. For this reason, the Client in this case is called Relying Party (RP).
The Authentication result is conveyed via a security Token called ID Token. It has Claims expressing such information as the issuer, the subject identifier, the timing when the authentication was performed etc. of the security token. Refer to section 18.104.22.168 and 22.214.171.124 for more details.
Authentication Requests can follow one of three paths:
the Authorization Code Grant (response_type=code)
the Modified Implicit Grant (response_type=token id_token or id_token)
the Hybrid Grant (other response types defined in [Multi-Response])
Following is a non-normative table expressing some guidance on which grant to chose among the above three.
More information about the Openid-specs-ab