July 30, 2025
What is OpenID Connect (OIDC)?

OpenID Connect (OIDC) is an open authentication protocol that sits on top of OAuth 2.0, transforming it into a powerful framework not only for authorization but also for user authentication. OIDC enables applications to verify a user’s identity based on the authentication performed by an Identity Provider (IdP) and to obtain basic profile information in a secure and standardized way.
While OAuth 2.0 alone provides delegated access to resources, it does not specify how to authenticate users. OIDC fills this gap by introducing the ID Token, a digitally signed JSON Web Token (JWT) that carries claims about the authenticated user and the authentication event, such as the user's name, email, unique identifier, and the time at which authentication took place. The Relying Party must verify the token's signature and its issuer, audience, expiry, and nonce claims before trusting any of them.

A typical OIDC flow includes:

  • The user initiates login with an application (the Relying Party)
  • The app redirects the user to the Authorization Server (the IdP)
  • After the user authenticates, the server returns an ID Token (for identity) and optionally an Access Token (for resource access)

OIDC supports features such as:

  • Single Sign-On (SSO) across applications and domains
  • UserInfo endpoints for retrieving additional user attributes
  • Scopes and claims to control which identity details are shared

OIDC is widely supported by major IdPs including Google, Microsoft Entra ID (formerly Azure AD), Okta, and Auth0, making it a go-to protocol for cloud-based and mobile authentication scenarios.
By building on the flexibility of OAuth 2.0 and standardizing identity verification, OpenID Connect enables secure, user-friendly authentication flows and seamless integration across modern web, mobile, and API-driven ecosystems.