SlideShare a Scribd company logo

OpenID Connect Overview

Download as PPTX, PDF
Pat Patterson
Pat Patterson

Brief overview of OpenID Connect - presented at Bay Area Identity Developers Meetup, Dec 2 2013.

TechnologyNews & Politics
1 of 17
OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy
What is OpenID Connect? Simple Identity Layer for the Internet [OpenID Connect] allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
What is OpenID Connect? • Specification defined by OpenID Foundation ‘Connect’ Work Group – NRI, Ping Identity, Microsoft, Google, Salesforce etc • Built on OAuth 2.0 • REST-based • Successor to SAML?
OpenID Connect Status • ‘Nearly complete’ – Second set of OpenID Connect Implementer’s Drafts approved in July, 2013 – Interop testing under way – Waiting for dependencies to be standardized • JWT, JWS etc
OpenID Connect Specification • OpenID Connect 1.0 Specification – Core – Discovery (optional) – Dynamic Registration (optional) – Session Management (optional) – OAuth 2.0 Multiple Response Types • Implementer’s Guides – Basic Client Profile – Implicit Client Profile
OpenID Connect Roles Web-based, mobile, or JavaScript Clients verify the identity of End-Users based on authentication performed by an Authorization Server.
OpenID Connect Basic Client Profile
OpenID Connect Implicit Client Profile
OpenID Connect Token Response { "access_token":"SlAV32hkKG", "token_type":"Bearer", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "id_token":"eyJ0 ... NiJ9.eyJ1c ... ZXso” } • id_token is a JSON Web Token (JWT) – Signed, URL/filename-safe base64 encoded JSON data
OpenID Connect ID Token { "iss": "https://server.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "exp": 1311281970, "iat": 1311280970 } • Issuer, Subject, Audience, Expiry, Issued At • Also optional email, auth_time, nonce etc
Who is Deploying OpenID Connect? • Services: Google, Salesforce, eBay, AOL, Deutsche Telekom, Orange • Vendors: IBM, Microsoft, Ping Identity, Layer 7, ForgeRock, Gluu, MITRE, NRI
OpenID Connect in Action • Client: Salesforce Community • Auth Server: Google • End User: Me!
Salesforce Community Login Page
Google Login Page
Google Authorization Page
Salesforce Community Home Page
Questions? Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy

Recommended

Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
Understanding OpenID
Understanding OpenIDUnderstanding OpenID
Understanding OpenIDPrabath Siriwardena
 

Recommended

Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
Understanding OpenID
Understanding OpenIDUnderstanding OpenID
Understanding OpenIDPrabath Siriwardena
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuthDan Brinkmann
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
 
OAuth 2
OAuth 2OAuth 2
OAuth 2ChrisWood262
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectUbisecure
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
OpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Foundation Japan
 
Kuberntes Ingress with Kong
Kuberntes Ingress with KongKuberntes Ingress with Kong
Kuberntes Ingress with KongNebulaworks
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways Kong Inc.
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSITorsten Lodderstedt
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...Yuichi Nakamura
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
 
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateMikeLeszcz
 

More Related Content

What's hot

OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectUbisecure
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
OpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Foundation Japan
 
Kuberntes Ingress with Kong
Kuberntes Ingress with KongKuberntes Ingress with Kong
Kuberntes Ingress with KongNebulaworks
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways Kong Inc.
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...Yuichi Nakamura
 

What's hot (20)

OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID Connect
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
 
OpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンス
 
Kuberntes Ingress with Kong
Kuberntes Ingress with KongKuberntes Ingress with Kong
Kuberntes Ingress with Kong
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSI
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
 
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 

Similar to OpenID Connect Overview

OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
 
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateMikeLeszcz
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...OpenIDFoundation
 
CIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCraig Wu
 
OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group Update - October 22, 2018OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group Update - October 22, 2018OpenIDFoundation
 
ざっくり解説 LINE ログイン
ざっくり解説 LINE ログインざっくり解説 LINE ログイン
ざっくり解説 LINE ログインNaohiro Fujie
 
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn FayCIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn FayCloudIDSummit
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityMark Diodati
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"Andreas Falk
 
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerSSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerWSO2
 
Sso with the wso2 identity server
Sso with the wso2 identity serverSso with the wso2 identity server
Sso with the wso2 identity serversureshattanayake
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringVMware Tanzu
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation OverviewOpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation OverviewMikeLeszcz
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
 

Similar to OpenID Connect Overview (20)

OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018
 
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
 
CIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity Chalktalk
 
OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group Update - October 22, 2018OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group Update - October 22, 2018
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSI
 
ざっくり解説 LINE ログイン
ざっくり解説 LINE ログインざっくり解説 LINE ログイン
ざっくり解説 LINE ログイン
 
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn FayCIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern Identity
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
 
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerSSO with the WSO2 Identity Server
SSO with the WSO2 Identity Server
 
Sso with the wso2 identity server
Sso with the wso2 identity serverSso with the wso2 identity server
Sso with the wso2 identity server
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with Spring
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
Microservice with OAuth2
Microservice with OAuth2Microservice with OAuth2
Microservice with OAuth2
 
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation OverviewOpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
 
Keycloak SSO basics
Keycloak SSO basicsKeycloak SSO basics
Keycloak SSO basics
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization Server
 

More from Pat Patterson

DevOps from the Provider Perspective
DevOps from the Provider PerspectiveDevOps from the Provider Perspective
DevOps from the Provider PerspectivePat Patterson
 
How Imprivata Combines External Data Sources for Business Insights
How Imprivata Combines External Data Sources for Business InsightsHow Imprivata Combines External Data Sources for Business Insights
How Imprivata Combines External Data Sources for Business InsightsPat Patterson
 
Data Integration with Apache Kafka: What, Why, How
Data Integration with Apache Kafka: What, Why, HowData Integration with Apache Kafka: What, Why, How
Data Integration with Apache Kafka: What, Why, HowPat Patterson
 
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...Pat Patterson
 
Dealing with Drift: Building an Enterprise Data Lake
Dealing with Drift: Building an Enterprise Data LakeDealing with Drift: Building an Enterprise Data Lake
Dealing with Drift: Building an Enterprise Data LakePat Patterson
 
Integrating with Einstein Analytics
Integrating with Einstein AnalyticsIntegrating with Einstein Analytics
Integrating with Einstein AnalyticsPat Patterson
 
Efficient Schemas in Motion with Kafka and Schema Registry
Efficient Schemas in Motion with Kafka and Schema RegistryEfficient Schemas in Motion with Kafka and Schema Registry
Efficient Schemas in Motion with Kafka and Schema RegistryPat Patterson
 
Dealing With Drift - Building an Enterprise Data Lake
Dealing With Drift - Building an Enterprise Data LakeDealing With Drift - Building an Enterprise Data Lake
Dealing With Drift - Building an Enterprise Data LakePat Patterson
 
Building Data Pipelines with Spark and StreamSets
Building Data Pipelines with Spark and StreamSetsBuilding Data Pipelines with Spark and StreamSets
Building Data Pipelines with Spark and StreamSetsPat Patterson
 
Adaptive Data Cleansing with StreamSets and Cassandra
Adaptive Data Cleansing with StreamSets and CassandraAdaptive Data Cleansing with StreamSets and Cassandra
Adaptive Data Cleansing with StreamSets and CassandraPat Patterson
 
Building Custom Big Data Integrations
Building Custom Big Data IntegrationsBuilding Custom Big Data Integrations
Building Custom Big Data IntegrationsPat Patterson
 
Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?Pat Patterson
 
Open Source Big Data Ingestion - Without the Heartburn!
Open Source Big Data Ingestion - Without the Heartburn!Open Source Big Data Ingestion - Without the Heartburn!
Open Source Big Data Ingestion - Without the Heartburn!Pat Patterson
 
Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?Pat Patterson
 
All Aboard the Boxcar! Going Beyond the Basics of REST
All Aboard the Boxcar! Going Beyond the Basics of RESTAll Aboard the Boxcar! Going Beyond the Basics of REST
All Aboard the Boxcar! Going Beyond the Basics of RESTPat Patterson
 
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
Provisioning IDaaS - Using SCIM to Enable Cloud IdentityProvisioning IDaaS - Using SCIM to Enable Cloud Identity
Provisioning IDaaS - Using SCIM to Enable Cloud IdentityPat Patterson
 
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)Pat Patterson
 
Enterprise IoT: Data in Context
Enterprise IoT: Data in ContextEnterprise IoT: Data in Context
Enterprise IoT: Data in ContextPat Patterson
 
OData: A Standard API for Data Access
OData: A Standard API for Data AccessOData: A Standard API for Data Access
OData: A Standard API for Data AccessPat Patterson
 
API-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the FutureAPI-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the FuturePat Patterson
 

More from Pat Patterson (20)

DevOps from the Provider Perspective
DevOps from the Provider PerspectiveDevOps from the Provider Perspective
DevOps from the Provider Perspective
 
How Imprivata Combines External Data Sources for Business Insights
How Imprivata Combines External Data Sources for Business InsightsHow Imprivata Combines External Data Sources for Business Insights
How Imprivata Combines External Data Sources for Business Insights
 
Data Integration with Apache Kafka: What, Why, How
Data Integration with Apache Kafka: What, Why, HowData Integration with Apache Kafka: What, Why, How
Data Integration with Apache Kafka: What, Why, How
 
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
 
Dealing with Drift: Building an Enterprise Data Lake
Dealing with Drift: Building an Enterprise Data LakeDealing with Drift: Building an Enterprise Data Lake
Dealing with Drift: Building an Enterprise Data Lake
 
Integrating with Einstein Analytics
Integrating with Einstein AnalyticsIntegrating with Einstein Analytics
Integrating with Einstein Analytics
 
Efficient Schemas in Motion with Kafka and Schema Registry
Efficient Schemas in Motion with Kafka and Schema RegistryEfficient Schemas in Motion with Kafka and Schema Registry
Efficient Schemas in Motion with Kafka and Schema Registry
 
Dealing With Drift - Building an Enterprise Data Lake
Dealing With Drift - Building an Enterprise Data LakeDealing With Drift - Building an Enterprise Data Lake
Dealing With Drift - Building an Enterprise Data Lake
 
Building Data Pipelines with Spark and StreamSets
Building Data Pipelines with Spark and StreamSetsBuilding Data Pipelines with Spark and StreamSets
Building Data Pipelines with Spark and StreamSets
 
Adaptive Data Cleansing with StreamSets and Cassandra
Adaptive Data Cleansing with StreamSets and CassandraAdaptive Data Cleansing with StreamSets and Cassandra
Adaptive Data Cleansing with StreamSets and Cassandra
 
Building Custom Big Data Integrations
Building Custom Big Data IntegrationsBuilding Custom Big Data Integrations
Building Custom Big Data Integrations
 
Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?
 
Open Source Big Data Ingestion - Without the Heartburn!
Open Source Big Data Ingestion - Without the Heartburn!Open Source Big Data Ingestion - Without the Heartburn!
Open Source Big Data Ingestion - Without the Heartburn!
 
Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?
 
All Aboard the Boxcar! Going Beyond the Basics of REST
All Aboard the Boxcar! Going Beyond the Basics of RESTAll Aboard the Boxcar! Going Beyond the Basics of REST
All Aboard the Boxcar! Going Beyond the Basics of REST
 
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
Provisioning IDaaS - Using SCIM to Enable Cloud IdentityProvisioning IDaaS - Using SCIM to Enable Cloud Identity
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
 
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
 
Enterprise IoT: Data in Context
Enterprise IoT: Data in ContextEnterprise IoT: Data in Context
Enterprise IoT: Data in Context
 
OData: A Standard API for Data Access
OData: A Standard API for Data AccessOData: A Standard API for Data Access
OData: A Standard API for Data Access
 
API-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the FutureAPI-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the Future
 

Recently uploaded

Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 

Recently uploaded (20)

Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 

OpenID Connect Overview

  • 1. OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy
  • 2. What is OpenID Connect? Simple Identity Layer for the Internet [OpenID Connect] allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
  • 3. What is OpenID Connect? • Specification defined by OpenID Foundation ‘Connect’ Work Group – NRI, Ping Identity, Microsoft, Google, Salesforce etc • Built on OAuth 2.0 • REST-based • Successor to SAML?
  • 4. OpenID Connect Status • ‘Nearly complete’ – Second set of OpenID Connect Implementer’s Drafts approved in July, 2013 – Interop testing under way – Waiting for dependencies to be standardized • JWT, JWS etc
  • 5. OpenID Connect Specification • OpenID Connect 1.0 Specification – Core – Discovery (optional) – Dynamic Registration (optional) – Session Management (optional) – OAuth 2.0 Multiple Response Types • Implementer’s Guides – Basic Client Profile – Implicit Client Profile
  • 6. OpenID Connect Roles Web-based, mobile, or JavaScript Clients verify the identity of End-Users based on authentication performed by an Authorization Server.
  • 7. OpenID Connect Basic Client Profile
  • 8. OpenID Connect Implicit Client Profile
  • 9. OpenID Connect Token Response { "access_token":"SlAV32hkKG", "token_type":"Bearer", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "id_token":"eyJ0 ... NiJ9.eyJ1c ... ZXso” } • id_token is a JSON Web Token (JWT) – Signed, URL/filename-safe base64 encoded JSON data
  • 10. OpenID Connect ID Token { "iss": "https://server.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "exp": 1311281970, "iat": 1311280970 } • Issuer, Subject, Audience, Expiry, Issued At • Also optional email, auth_time, nonce etc
  • 11. Who is Deploying OpenID Connect? • Services: Google, Salesforce, eBay, AOL, Deutsche Telekom, Orange • Vendors: IBM, Microsoft, Ping Identity, Layer 7, ForgeRock, Gluu, MITRE, NRI
  • 12. OpenID Connect in Action • Client: Salesforce Community • Auth Server: Google • End User: Me!
  • 17. Questions? Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy