OIDC(OpenID Connect) 简介

OIDC(OpenID Connect) 简介 Authentication vs. authorization Authentication 通常是指校验是否是用户本人的这个过程，而 Authorization 则更多的是指用户是否有权限。通常我们都是先校验 是否是用户本人，然后再校验用户是否有权限。也就是先开始 Authentication，再开始 Authorization。 Authentication Authorization Determines whether users are who they claim to be Determines what users can and cannot access Challenges the user to validate credentials (for example, through passwords, answers to security questions, or facial recognition) Verifies whether access is allowed through policies and rules Usually done before authorization Usually done after successful authentication Generally, transmits info through an ID Token Generally, transmits info through an Access Token Generally governed by the OpenID Connect (OIDC) protocol Generally governed by the OAuth 2.0 framework Example: Employees in a company are required to authenticate through the network before accessing their company email Example: After an employee successfully authenticates, the system determines what information the employees are allowed to access OAuth 2 Client Credentials Grant 这种模式是最简单的，其实就是客户端告诉服务端自己是哪个客户端，服务器就将 access_token 下发