So, the OAuth dance works fine with an authorization server we control ourselves. But what happens if we replace it with a certified OpenID Connect provider? In theory, it should work out of the box. Let's find out, shall we?
For a list of certified implementations of OpenID Connect, refer to https://openid.net/developers/certified/. We will use Auth0, https://auth0.com/, for our tests with an OpenID provider. To be able to use Auth0 instead of our own authorization server, we will go through the following topics:
- Setting up an account with an OAuth client and a user in Auth0
- Applying the changes required to use Auth0 as an OpenID provider and running the test script to verify whether it is working
- Acquiring access tokens using the following:
- Password grant flow
- Implicit grant flow
- Authorization...