OIDC
OAuth 2 provides a framework for authorizing applications to call APIs, but isn’t designed for authenticating users to applications. The OpenID Connect (OIDC) protocol provides an identity service layer on top of OAuth 2, designed to allow authorization servers to authenticate users for applications and return the results in a standard way. Some implementations of OAuth 2 added proprietary additions to do this, but a standard solution was needed. In this chapter, we’ll describe the problem OIDC solves in more detail and how an application can use OIDC to authenticate a user.