1

I have a website and I want to use OpenID Connect to authenticate users via Google or LinkedIn. I have created a program which authenticates users via Google. I am a little bit confused that the request I am making to Google is exactly the same as used in OAuth2; the only difference is in the scope parameter which I passed.

    https://accounts.google.com/o/oauth2/v2/auth?
      client_id=xxxxxxxxxxxxxxxxxxxx&
      response_type=code&
      scope=openid%20email&
      redirect_uri=http://example.com/abc&
      state=fb25331d49034379a46ba62a31a

After this there is one more call to get the access token. I did not see any difference in the request between OpenID Connect and OAuth2.

Also, I want to make a generic method which can authenticate via Google and LinkedIn. Does OpenID Connect provide a standard method to authenticate via multiple IdPs?

Thanks.

lucy

1 Answer

2

The only difference wrt. the Authorization Request between OpenID Connect and OAuth 2.0 is indeed the contents of the "scope" parameter.

OpenID Connect is built on top of OAuth. The way to trigger an OpenID Connect flow is to include the "openid" scope in the Authorization Request.

OpenID Connect is a standardized SSO protocol that is implemented by various Providers. Unfortunately LinkedIn does not support it (yet), see: Is LinkedIn OpenID Connect provider? How can it be used with AWS Cognito Federated Identity?

Hans Z.
  • I am trying to implement OpenID Connect for my app. Do I need to specify the endpoints of all OpenID providers and handle requests manually, or can the user input any OpenID server? In that case, is there any standardisation for the callback requests I will receive? – lucy May 18 '17 at 13:18
  • The vast majority of providers would support the Discovery extension that allows you to do that: http://openid.net/specs/openid-connect-discovery-1_0.html – Hans Z. May 18 '17 at 13:27
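
A sketch of the provider-agnostic flow discussed above, added here as an example and not part of the original answer or comments: it reads a Discovery document, builds the Authorization Request with the "openid" scope, and checks `state` on the callback. The provider `idp.example.com`, the sample document and all function names are constructed for illustration; in practice the document is fetched over HTTPS from `<issuer>/.well-known/openid-configuration`.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Constructed sample discovery document for a hypothetical provider.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "response_types_supported": ["code", "id_token"],
})

def load_provider(issuer, discovery_json):
    """Parse provider metadata; reject documents unusable for the code flow."""
    meta = json.loads(discovery_json)
    # The issuer in the document must exactly match the issuer we asked for.
    if meta.get("issuer") != issuer:
        raise ValueError("issuer mismatch")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(meta.get(key, ""))).scheme != "https":
            raise ValueError(f"{key} missing or not https")
    if "code" not in meta.get("response_types_supported", []):
        raise ValueError("authorization code flow not supported")
    return meta

def build_auth_request(meta, client_id, redirect_uri, scopes=("email",)):
    """Return (url, state, nonce); 'openid' in scope makes this an OIDC request."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": " ".join(("openid", *scopes)),
        "redirect_uri": redirect_uri,
        "state": state,   # bound to the user's session, checked on callback
        "nonce": nonce,   # later compared with the nonce claim in the ID token
    }
    query = urlencode(params, quote_via=quote)
    return meta["authorization_endpoint"] + "?" + query, state, nonce

def handle_callback(callback_url, expected_state):
    """Return the authorization code only if state matches the one we sent."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if not query.get("code"):
        raise ValueError("no authorization code in callback")
    return query["code"][0]
```

The returned code is then exchanged at `meta["token_endpoint"]`, and the ID token in that response is verified against the keys at `meta["jwks_uri"]` before the user is treated as authenticated.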