
Cloud Access Manager 8.1 - How To Develop OpenID Connect Apps

confidential

Server-based applications (typically web applications) are capable of maintaining the confidentiality of secret information. Applications that run in this environment should be configured as confidential. Cloud Access Manager authenticates confidential clients. When you configure your application as a confidential client, you must use the Authorization Code flow; Cloud Access Manager returns an error if a confidential client attempts to invoke the Implicit flow.

What is OpenID® Connect?

OpenID Connect deals with scenarios where a user is authenticated using a browser (for example, the authorization code and implicit flows of the OAuth v2.0 specification). Clients signal to the authorization server that they wish to perform OpenID Connect authentication by setting the scope in the initial authorization request to openid.
In OpenID Connect, the client is referred to as the Relying Party (RP) and the Authorization Server is known as the OpenID Provider (OP). The core specification for OpenID Connect can be found online at http://openid.net/specs/openid-connect-core-1_0.html
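The following added example (not code from the Cloud Access Manager documentation) shows how a Relying Party configured as a confidential client might build the initial authorization request with the openid scope and the Authorization Code flow, then check the redirect it receives back. The endpoint, client ID, redirect URI and the `client_type` strings are hypothetical placeholders; the `state` and `nonce` parameters come from the OAuth 2.0 and OpenID Connect Core specifications rather than from this page.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical placeholders, not Cloud Access Manager defaults.
AUTHZ_ENDPOINT = "https://op.example.test/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://rp.example.test/callback"


def build_auth_request(client_type, response_type="code", extra_scopes=()):
    """Return (url, state, nonce) for an OpenID Connect authentication request."""
    # A confidential client must use the Authorization Code flow, so refuse
    # locally instead of relying on the provider's error response.
    if client_type == "confidential" and response_type != "code":
        raise ValueError("confidential clients must use response_type=code")
    state = secrets.token_urlsafe(32)  # ties the callback to this browser session
    nonce = secrets.token_urlsafe(32)  # later compared with the ID Token's nonce
    params = {
        "response_type": response_type,
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        # The openid scope value is what signals an OpenID Connect request.
        "scope": " ".join(("openid", *extra_scopes)),
        "state": state,
        "nonce": nonce,
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}", state, nonce


def check_callback(callback_url, expected_state):
    """Validate the redirect back to the RP and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    # Constant-time comparison on bytes; a missing or wrong state means the
    # response does not belong to a request this session started.
    returned = query.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code
```

The returned code is then exchanged at the token endpoint over an authenticated back-channel request, which is where the confidential client presents its secret.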

OpenID® Connect ID Token

After a successful authentication request, the OpenID Provider returns an ID Token in the form of a JSON Web Token. The specification for the JSON Web Token format can be found online at https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32. The ID Token contains claims about the authentication of an end-user as follows:

iss
