How does OpenIdConnect work

OpenId is the protocol used to negotiate authentication and get back an access token that your app can verify came from your OpenId authority, so that you can trust the information in the ticket: the user's e-mail, for example, or a claim that the user is an admin, or the like.

OpenIdConnect is a standard built on top of OpenId that makes setup much easier.

Even though every OpenId authority has its own naming for endpoints and so on, each one describes its own setup in the OpenIdConnect contract, which it publishes at:

https://<OpenIdAuthority>/.well-known/openid-configuration

Debugging

If you have setup issues and need to work out where the problem lies, this is a great way to debug it:

https://docs.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/app-aad-token

You can use the browser to mimic the calls that will be made. The first call to the OpenIdConnect authority is to get a "one time" code. The authority responds with a redirect to the callback url with the code appended to it.

It is this code that you then use to get the AccessToken.
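The two calls described above, traced offline as an added example (this is not code from the wiki page or from the turnkey project). The discovery document, client id, redirect uri and the code in the callback are all constructed values; the state and nonce parameters are standard OpenIdConnect parameters that the page does not mention, added here because checking them on the callback is what stops a code from one browser session being fed into another.

```python
"""Added example: walks the OpenIdConnect authorization code flow offline.
Nothing here talks to a real authority; every value is constructed."""
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed discovery document, shaped like what an authority serves at
# https://<OpenIdAuthority>/.well-known/openid-configuration (hosts are made up).
DISCOVERY_JSON = json.dumps({
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/oauth2/authorize",
    "token_endpoint": "https://idp.example.test/oauth2/token",
    "jwks_uri": "https://idp.example.test/discovery/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
})

CLIENT_ID = "my-app-client-id"                          # hypothetical registered client
REDIRECT_URI = "https://app.example.test/signin-oidc"   # hypothetical callback url


def load_discovery(doc: str) -> dict:
    """Parse the discovery document and check the endpoints the code flow needs are present."""
    cfg = json.loads(doc)
    for key in ("issuer", "authorization_endpoint", "token_endpoint"):
        if key not in cfg:
            raise ValueError(f"discovery document is missing {key}")
    return cfg


def build_authorize_url(cfg: dict, state: str, nonce: str) -> str:
    """First call: the browser is sent here to obtain the one-time authorization code."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,   # ties the callback to this browser session
        "nonce": nonce,   # echoed back inside the ID token so a replayed token is detectable
    }
    return cfg["authorization_endpoint"] + "?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """The authority redirects to the callback url with the code appended.
    Only accept the code if the url is ours and the state matches what we generated."""
    parts = urlsplit(callback_url)
    if (parts.scheme, parts.netloc, parts.path) != urlsplit(REDIRECT_URI)[:3]:
        raise ValueError("callback arrived on an unexpected url")
    qs = parse_qs(parts.query)
    if "error" in qs:
        raise ValueError(f"authority returned error {qs['error'][0]}")
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in qs:
        raise ValueError("no authorization code in callback")
    return qs["code"][0]


def build_token_request(cfg: dict, code: str, client_secret: str) -> tuple[str, dict]:
    """Second call: the server side POSTs this body to the token endpoint to swap the code for tokens."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    }
    return cfg["token_endpoint"], body


def run_flow_demo() -> dict:
    """Run the whole flow against the constructed discovery document and a constructed callback."""
    cfg = load_discovery(DISCOVERY_JSON)
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    auth_url = build_authorize_url(cfg, state, nonce)
    # Constructed callback, shaped like the authority's redirect (the code value is made up).
    callback = f"{REDIRECT_URI}?code=AUTH-CODE-12345&state={state}"
    code = parse_callback(callback, state)
    token_url, body = build_token_request(cfg, code, "client-secret-placeholder")
    return {"auth_url": auth_url, "code": code, "token_url": token_url, "body": body}


if __name__ == "__main__":
    result = run_flow_demo()
    print("authorize:", result["auth_url"])
    print("token endpoint:", result["token_url"])
```

When mimicking the flow by hand in the browser, the url you paste is what `build_authorize_url` produces, and the url the browser lands on afterwards is what `parse_callback` takes apart; the token request itself is a POST from the server, which is why it does not show up in the browser's address bar.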


This is what we write to the turnkey-log regarding the OpenIdConnect flow:


          Notifications = new OpenIdConnectAuthenticationNotifications
          {
            AuthenticationFailed = context =>
            {
              Common.CentralLogging("OpenId AuthenticationFailed " + context.Exception.Message);
              // ...
            },
            AuthorizationCodeReceived = context =>
            {
              // context.Code is the one-time code the authority appended to the callback url.
              // It is a credential until it has been exchanged, so keep it out of shared logs.
              Common.CentralLogging("OpenId AuthorizationCodeReceived0 ");
              Common.CentralLogging("OpenId AuthorizationCodeReceived1 " + context.Code);
              Common.CentralLogging("OpenId AuthorizationCodeReceived2 " + context.Code + " " + context.AuthenticationTicket.Identity.GetUserName());
              // ...
            },
            SecurityTokenValidated = context =>
            {
              // Fires after the middleware has validated the token's signature and claims.
              Common.CentralLogging("OpenId SecurityTokenValidated " + context.Options.Description);
              // ...
            },
            RedirectToIdentityProvider = context =>
            {
              // Fires just before the browser is sent to the authority (the first call).
              Common.CentralLogging("OpenId RedirectToIdentityProvider1 " + context.Options.RedirectUri);
              Common.CentralLogging("OpenId RedirectToIdentityProvider2 " + context.Options.ResponseType);
              // ...
            },
            SecurityTokenReceived = context =>
            {
              // Fires when a token has arrived but before it is validated.
              Common.CentralLogging("OpenId SecurityTokenReceived ");
              // ...
            },
            MessageReceived = context =>
            {
              // Fires for every protocol message from the authority, before it is processed.
              Common.CentralLogging("OpenId MessageReceived ");
              // ...
            }
          }
        };

This page was edited 74 days ago on 02/10/2024.