OpenID Connect

What is OIDC?

less than a minute

Learn how OIDC works, and how you can use it.

OIDC is a web standard used for generating access tokens and ID tokens, and specifying how to communicate with an OIDC-compliant Identity Provider (Authproject).

OIDC

OIDC is built on top of the OAuth2 protocol, and standardizes the endpoints and formats used for exchanging authentication information.

OpenID Configuration

In order to be OIDC compliant, we expose an endpoint called “OpenID Configuration,” where a compatible client can query us and retrieve information about how to talk to our authentication systems.

$ curl https://auth.authproject-demo.com/.well-known/openid-configuration
{
  "authorization_endpoint": "https://auth.authproject-demo.com/oauth2/authorize",
  "issuer": "https://auth.authproject-demo.com",
  "jwks_uri": "https://auth.authproject-demo.com/.well-known/jwks.json",
  "response_types_supported": [
    "code"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://auth.authproject-demo.com/oauth2/token",
  "userinfo_endpoint": "https://auth.authproject-demo.com/oauth2/userinfo"
}

The above endpoint is used by our demo application to learn how to access our authentication systems.

NOTE

The URL you use for your application will be different! It is of the form <authentication-domain>.<your-domain>.<tld>/.well-known/openid-configuration. The demo URL used above is just an example.