At my company we are early implementors for bleeding-edge protocols that some of our customers might want to use in an upcoming release.
One of these is OpenID Connect.
OpenID Connect leverages and builds upon OAuth 2.0. It uses the the same authorization server, some of the same endpoints as OAuth 2.0, an access token (in addition to the new id token), and builds upon OAuth use cases like auth code and implicit.
In my testing it seemed simpler to use, less heavyweight, more restrictive in claims/attributes sharing, and used some of latest technologies for its framework: REST, JSON, JWT, JWK, and newer cryptographic libraries like Elliptical curve.
No comments:
Post a Comment