OpenID Connect
The OAuth 2.0 Authorization Framework describes a protocol for managing authorization to the protected resources of your service. It does not, however, describe a method for authentication. OpenID Connect is a protocol built on top of OAuth 2.0 to provide a complete solution for both authentication and authorization. In short, OpenID Connect adds an identity layer on top of the authorization protocol described by OAuth 2.0. This allows a client application to verify the identity of an end-user based on the authentication performed by the authorization server, while also obtaining the user's consent. Most importantly, the client application can do all of this without having to store or manage passwords.
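The identity layer described above is carried by an ID token that the client validates rather than by a password it stores. The following added example (written for this page, not code from the book) shows a minimal client-side check of an HMAC-signed (HS256) ID token using only the Python standard library: it verifies the signature, the issuer, the audience, the expiry and the nonce before trusting the identity claims. The issuer URL, client identifier, client secret and all claim values are constructed placeholders for the demo; production deployments usually use asymmetric signatures (RS256) and fetch the provider's public keys, which this example does not cover.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values (not from the book or any real provider).
CLIENT_ID = "example-client"
CLIENT_SECRET = b"constructed-demo-secret-do-not-reuse"
ISSUER = "https://op.example.invalid"


def _b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    """Reverse of _b64url, restoring the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, key: bytes) -> str:
    """Build an HS256 ID token the way an OpenID Provider would (demo only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_id_token(token: str, key: bytes, expected_nonce: str,
                    now: Optional[float] = None) -> dict:
    """Validate the token's signature and core OIDC claims.

    Returns the claims on success and raises ValueError on any failure,
    so the caller never sees unverified identity data.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, payload_b64, sig_b64 = parts

    # Pin the algorithm: never let the token choose it (rejects 'none' and alg swaps).
    header = json.loads(_b64url_decode(head_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")

    # Check the signature before parsing any claims; compare in constant time.
    expected_sig = hmac.new(key, f"{head_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))

    # Issuer must be the provider we expect.
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    # Audience must include this client (aud may be a string or a list).
    aud = claims.get("aud")
    aud_list = [aud] if isinstance(aud, str) else (aud or [])
    if CLIENT_ID not in aud_list:
        raise ValueError("token not intended for this client")
    # Reject expired tokens.
    if float(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    # The nonce binds the token to the login request that this client started.
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


if __name__ == "__main__":
    issued_at = int(time.time())
    demo_claims = {"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID,
                   "iat": issued_at, "exp": issued_at + 300, "nonce": "n-abc"}
    token = mint_id_token(demo_claims, CLIENT_SECRET)
    print("verified subject:", verify_id_token(token, CLIENT_SECRET, "n-abc")["sub"])
```

The order of checks matters: the algorithm is pinned and the signature is verified before any claim is read, and every claim check is a hard failure, so a token that fails at any step yields no identity to the application.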
You may recall from Chapter 1, Why Should I Care About OAuth 2.0? that we introduced the concepts of federated identity and delegated authority and mentioned that they are actually the same underlying concept. In one delegated authority scenario, the user is delegating authority for a client...