Friday, April 19, 2013

OpenID Connect Testing

At my company we are early implementors for bleeding-edge protocols that some of our customers might want to use in an upcoming release.

One of these is OpenID Connect.

OpenID Connect leverages and builds upon OAuth 2.0. It uses the same authorization server, some of the same endpoints as OAuth 2.0, an access token (in addition to the new ID token), and builds upon OAuth use cases like auth code and implicit.

In my testing it seemed simpler to use, less heavyweight, more restrictive in claims/attributes sharing, and used some of the latest technologies for its framework: REST, JSON, JWT, JWK, and newer cryptographic libraries like elliptic curve.

