To make it short:
How exactly does a "Self-Issued OpenID Provider" differ from a "normal OpenID Provider" (let's say Google)?
I read the specification, which just says:
"OpenID Connect supports Self-Issued OpenID Providers - personal, self-hosted OPs that issue self-signed ID Tokens. Self-Issued OPs use the special Issuer Identifier https://self-issued.me."
So I understand that a "Self-Issued OpenID Provider" can be hosted by myself, and signs the ID Tokens.
Is the difference that the tokens from the "normal OpenID Provider" are signed with a certificate which is trusted (e.g. because it's signed by a root CA certificate which is already in the certificate store), and can be validated without the need of sending the public key within the response?
Perhaps somebody can clarify this; I would appreciate it very much.
Thanks in advance and best regards!
How exactly does a "Self-Issued OpenID Provider" differ from a "normal OpenID Provider" (let's say Google)?
A normal provider such as Google is available at an HTTP endpoint. Requests to normal providers use the http:// protocol.
A self-issued provider is usually installed on the end-user's device. Requests to self-issued providers use the openid:// protocol.
For example, on an Android device, Google Chrome could act as a self-issued provider, because the end-user has signed into his Android device, and Google Chrome probably has access to the end-user's identity.
From the spec:
"Self Issued Provider is a personal OP that typically runs on a device owned by the user." (OpenID Connect - Part 5: Self Issued Provider)
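As an added illustration (not code from the answer or the spec), here is how a relying party decides which key to verify each kind of ID Token with: for an issuer like Google the key is looked up by `kid` in the JWKS it has already fetched from the provider, while for `https://self-issued.me` the key is the token's own `sub_jwk`, accepted only if `sub` equals that key's RFC 7638 thumbprint, as OpenID Connect Core section 7 requires. The JWKS entries, key coordinates and signature bytes are constructed placeholders, and the actual signature check is left to a JOSE library.

```python
import base64
import hashlib
import json

SELF_ISSUED = "https://self-issued.me"

# Constructed sample: keys the RP pre-fetched from a normal OP's jwks_uri, indexed by issuer and kid.
# The key material here is a placeholder, not a real provider key.
TRUSTED_JWKS = {
    "https://accounts.google.com": {
        "kid-2024": {"kty": "RSA", "kid": "kid-2024", "n": "placeholder-n", "e": "AQAB"},
    },
}

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, keys sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url_encode(hashlib.sha256(canonical.encode()).digest())

def select_verification_key(id_token: str) -> dict:
    """Return the JWK that this ID Token's signature must be verified against."""
    header_b64, payload_b64, _signature = id_token.split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") == SELF_ISSUED:
        # Self-issued: the public key travels inside the token, so the only thing tying the
        # claimed subject to that key is the thumbprint rule; enforce it before trusting the key.
        jwk = claims["sub_jwk"]
        if claims.get("sub") != jwk_thumbprint(jwk):
            raise ValueError("sub is not the thumbprint of sub_jwk")
        return jwk
    # Normal OP: any sub_jwk in the token is ignored; the key comes from the issuer's published JWKS.
    try:
        return TRUSTED_JWKS[claims.get("iss")][header["kid"]]
    except KeyError:
        raise ValueError("unknown issuer or kid") from None

def make_token(claims: dict, header: dict) -> str:
    """Build a compact JWS for the sample; the signature bytes are a constructed placeholder."""
    def enc(d: dict) -> str:
        return b64url_encode(json.dumps(d, separators=(",", ":")).encode())
    return f"{enc(header)}.{enc(claims)}.{b64url_encode(b'constructed-signature')}"

# Constructed EC P-256 public key of the user's device (coordinates are placeholders).
DEVICE_JWK = {"kty": "EC", "crv": "P-256", "x": "placeholder-x", "y": "placeholder-y"}
SELF_ISSUED_TOKEN = make_token(
    {"iss": SELF_ISSUED, "sub": jwk_thumbprint(DEVICE_JWK), "sub_jwk": DEVICE_JWK, "aud": "rp"},
    {"alg": "ES256"})
GOOGLE_TOKEN = make_token(
    {"iss": "https://accounts.google.com", "sub": "constructed-sub", "aud": "rp"},
    {"alg": "RS256", "kid": "kid-2024"})
```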