OpenID Connect (OIDC) is an open authentication protocol that adds an identity layer on top of OAuth 2.0. OAuth 2.0 is an authorisation framework that lets a third-party application access a user's account by delegating authentication to the service provider that hosts that account. With OIDC, a client can verify the identity of an end user based on the authentication performed by an authorisation server. It also provides a single framework for securing APIs, native mobile apps and browser-based apps.
An OIDC flow starts with the client asking the user to authorise a request. The request carries the OIDC scopes together with scopes for any additional areas of user information the client wants. In response, the client receives both an ID token and an access token; these carry claims containing information about the user. For the remaining claims about the user, the client can then call the UserInfo endpoint of the authorisation server. OIDC also offers greater discoverability and more seamless IT security management.
For one, OIDC improves IT security by enabling authorisation to be checked at the resource, user and device levels. This multidimensional approach minimises unauthorised access. Moreover, as mentioned above, because OIDC works by issuing access tokens, data will only be accessed by authorised users. Organisations gain visibility into the users accessing their data, which leads to greater peace of mind and overall enhanced IT security. Secondly, OIDC provides convenience and eliminates the hassle of maintaining multiple applications and separate databases of user information. When digital identities and authorisation access are securely encapsulated on one platform, IT resources can be put to use elsewhere.
Last but not least, OIDC is efficient and intuitive to use. Because OIDC is built upon OAuth 2.0, it is API-ready, providing a complete, standardised setup across all touchpoints, from the authentication process to the display of the outcome. The request-response format is human-readable as well and works well for data-interchange operations.
Before Singpass integration shifted to OIDC, it relied on SAML. With SAML, an identity provider and a service provider authenticate with each other by exchanging XML messages. SAML was one of the first protocols used for federated access, which established it as a major player in the SSO arena. Although SAML and OIDC are similar in function, both allowing for authentication and secure transmission of user information between authentication systems, they differ in many ways. Below are some differences between the two.
OIDC is simpler to integrate than SAML, and it supports a greater range of apps. It consists of the following features:
With Adnovum's expertise in IT security in Singapore, organisations can trust a seamless integration of OIDC into their IT infrastructure. Adnovum ensures that the integration meets the diverse needs of both internal and external users. Contact Adnovum today for more information on making the OIDC transition a success for your organisation!