Explanation of terms

OpenID Connect (OIDC) is a modern, open authentication protocol based on the OAuth 2.0 standard. It enables users to log in securely and conveniently to various applications with just one central login service (Identity Provider, IdP for short). OpenID Connect extends OAuth 2.0 with a standardized method for authenticating users. While OAuth 2.0 is primarily intended for authorization (access rights to resources), OIDC adds a layer for identity verification: the so-called ID token.

How does OpenID Connect work?

User wants to log in: The application (client) redirects the user to the identity provider.

Login at the IdP: The user authenticates there (e.g. with password, MFA, etc.).

Token return: The IdP returns an ID token (usually in JWT format) that confirms the identity of the user.

Verification and use: The application checks the token and logs the user in.

Key components

ID token: proves the identity of the user. Contains claims such as name, e-mail, "sub" (subject identifier) and other attribute-based information.

Authorization Server: Takes care of authentication and issues tokens (e.g. ID tokens, access tokens). It is the central instance in the OpenID Connect flow.

Relying Party (RP): The application or service that trusts the authentication of the identity provider and evaluates the ID token.

Scopes: Define which information and authorizations may be requested - e.g. "openid", "profile", "email".

Advantages of OpenID Connect

OpenID Connect offers a number of decisive advantages for modern web and cloud applications:

  • High security: By using the latest security standards, token-based procedures and support for multi-factor authentication, OIDC is robust against common threats such as phishing or token replay attacks.
  • Improved user-friendliness: Thanks to Single Sign-On (SSO), users only need to log in once to access multiple services.
  • Standardization and interoperability: As an open protocol, OIDC is natively supported by numerous platforms, frameworks and tools. This facilitates integration and reduces dependency on proprietary solutions.
  • Scalability: OIDC is equally suitable for small web projects and for complex, distributed system landscapes with microservices or cloud infrastructures.
  • Developer friendliness: Many modern development platforms, including Google, Microsoft Entra ID or Auth0, support OIDC out-of-the-box. This significantly reduces the implementation effort[2].

Conclusion

OpenID Connect combines security, user-friendliness and interoperability in a standardized authentication protocol. Thanks to its broad support, simple integration and scalability, OIDC is now the de facto standard for secure login procedures in modern web and cloud applications.