oidc
Terminology
Resource Owner
You
Client
The app that wants access on your behalf (Terrible Pun of the Day in the Okta guide)
Authorization Server
Where you have an account
Resource Server
API the client wants to use
Redirect URI
Where you come back
Response Type
most common is code (the authorization code flow)
token (the implicit flow) is deprecated; the browser sees the access token
Scope
granular permissions
Consent
The box you click to allow access
Client ID
Identifies the client
Client Secret
Shared secret only the authorization server and the client know; only a confidential (server-side) client can keep one. Public clients (SPA, mobile) can't, so they use PKCE instead
Authorization Code
short lived, single-use code the client exchanges at the authz server's token endpoint (over the back channel, with its client secret) for an access token
Access Token
Bearer key the client presents to the resource server (the API); opaque to the client, scoped to what the user allowed
links
https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc
https://github.com/panva/node-oidc-provider
security considerations
docs
tags
OAuth2
Password anti-pattern (what OAuth replaces)
"Share your contacts so we can email them": the site asks for your email password, gets full account access, and you can only revoke it by changing the password
Flow
Authorization Code Flow
Click on your provider
Redirect there
Log in or logged in
Click allow
Redirect back with code + state; client checks state, then exchanges the code for an access token at the token endpoint
OIDC
Flow
OIDC Flow
Click on your provider
Redirect there
Log in or logged in
Click allow
Redirect back with code + state; client exchanges the code at the token endpoint as before
Client also gets an ID token (a signed JWT) next to the access token, because the scope included openid. It carries claims about the user (iss, sub, aud, exp, iat, nonce) and must be validated before the user is treated as logged in: signature against the provider's published keys, iss, aud == client id, exp, and nonce == the value sent in the authorize request