OpenID Connect

Overview

OpenID Connect (OIDC) is an authentication layer built on top of the OAuth 2.0 authorization framework. It lets users sign in to applications and websites with an existing account at an identity provider such as the CalNet Central Authentication Service (CAS), rather than with a password held by each application. OIDC gives clients (applications or websites) a standardized way to verify an end-user's identity based on the authentication performed by the authorization server, and to obtain basic profile information about the user. The authentication result is delivered to the client as an ID token, a signed JSON Web Token (JWT); the client must validate that token (signature, issuer, audience, expiry and nonce) before trusting the identity it carries, and the token travels over TLS like the rest of the exchange.

Terminology

Understanding OIDC is much easier after learning some terminology. A successful OIDC integration involves two main components:

OpenID Provider

The OpenID Provider (OP) is the server to which an application redirects users so they can authenticate and grant the application authorization; after authentication it issues the ID token the application consumes. The OP can also be referred to as the Identity Provider (IdP). The CalNet team hosts the OP, and it is implemented via the CalNet Central Authentication Service (CAS).

Relying Party

The relying party (RP) is typically the application a user is trying to access. A user trying to access an RP is redirected to the OpenID Provider, authenticates there, and is redirected back to the RP with the result. Relying parties can also be referred to as Service Providers (SPs), the equivalent term from SAML.
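The redirect described above and the ID-token validation mentioned in the Overview, as an added example written for this page; it is not code from the CalNet team or from CAS. The RP builds the authorization request with a fresh state and nonce, checks the state on the callback, and then validates the ID token before trusting its sub claim. The issuer URL, client_id, redirect URI and the HS256 shared secret are placeholders chosen for the example; a production OP such as CalNet CAS signs ID tokens with an asymmetric key (RS256) published at its JWKS endpoint, and the shared-secret check here stands in for that signature step. The callback URL and ID token the demo consumes are constructed inline, so the example runs offline.

```python
"""Added example: relying-party (RP) side of an OIDC authorization-code login.

Placeholders (assumptions, not from the page): ISSUER, CLIENT_ID, REDIRECT_URI
and SHARED_SECRET. HS256 stands in for the OP's RS256 signature.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://op.example.edu"                  # assumed OP issuer
CLIENT_ID = "my-app"                               # assumed RP client_id
REDIRECT_URI = "https://app.example.edu/callback"  # assumed RP callback
SHARED_SECRET = b"demo-secret-not-for-production"  # assumed; stands in for the OP's key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def start_login():
    """Step 1: the RP redirects the browser to the OP's authorization endpoint.
    Returns the redirect URL and the per-login values kept in the user's session."""
    session = {"state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16)}
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": session["state"],   # binds the callback to this browser session (CSRF)
        "nonce": session["nonce"],   # binds the ID token to this login (replay)
    }
    return f"{ISSUER}/authorize?{urlencode(params)}", session


def handle_callback(callback_url: str, session: dict) -> str:
    """Step 2: the OP redirects back with code and state; reject a state mismatch."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch")
    return qs["code"][0]


def verify_id_token(token: str, session: dict, now=None) -> dict:
    """Step 3: after exchanging the code the RP receives an ID token (JWT).
    Check alg, signature, iss, aud, exp and nonce before trusting 'sub'."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # explicit allowlist; never accept "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(SHARED_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in audiences:
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != session["nonce"]:
        raise ValueError("nonce mismatch")
    return claims


def mint_id_token(claims: dict, alg: str = "HS256") -> str:
    """Constructed stand-in for the OP's token endpoint: signs a demo ID token."""
    h = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    p = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SHARED_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url(sig)}"


def demo() -> dict:
    """Runs the three steps end to end with constructed OP responses."""
    _url, session = start_login()
    # Constructed callback: the OP returns a code and echoes our state.
    code = handle_callback(f"{REDIRECT_URI}?code=abc123&state={session['state']}", session)
    assert code == "abc123"
    # Constructed ID token, as the OP would return it for that code.
    now = int(time.time())
    token = mint_id_token({"iss": ISSUER, "sub": "12345", "aud": CLIENT_ID,
                           "iat": now, "exp": now + 300, "nonce": session["nonce"]})
    return verify_id_token(token, session)


if __name__ == "__main__":
    print("authenticated subject:", demo()["sub"])
```

The order of checks matters: the algorithm is pinned before the signature is examined so an attacker-supplied header cannot downgrade the verification, and the nonce is compared against the value stored in the session at step 1, which is what ties the ID token to the browser that started the login.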

OIDC Integration with CalNet

CAS Authorizations

Additional Resources