OpenID Connect

22

The OAuth 2.0 framework explicitly does not provide any information about the user that has authorized an application. OAuth 2.0 is a delegation framework, allowing third-party applications to act on behalf of a user, without the application needing to know the identity of the user.

OpenID Connect takes the OAuth 2.0 framework and adds an identity layer on top. It provides information about the user, as well as enables clients to establish login sessions. While this chapter is not meant to be a complete guide to OpenID Connect, it is meant to clarify how OAuth 2.0 and OpenID Connect relate to each other.