ID token or /userinfo for Identity assertion

After authenticating with a provider, an application will often receive both an ID token and an access token on behalf of the user. Now it seems there are two ways to assert who the user is. Verify the ID token and then read the ID token. Pass the...

2017-09-14 08:09 (2) Answers

Secure API with OpenID Connect - RP trust of OP

Getting to grips with OpenID Connect with a third-party IdP (OP) and securing APIs. I'm comfortable with the client and user agent component and the OAuth 2.0 flows and scopes to get an access token and an ID token issued to my client from an IdP W...

2017-04-23 11:04 (3) Answers