OpenID Connect

OpenID Connection is an extension for OAuth 2.0 and adds authentication capabilities on top of this authorization framework.

The primary additions to OAuth 2.0 are the introduction of an id_token and an userinfo API endpoint.

ID Token

The ID Token is a JWT with identity and authentication information. It provides information about the subject that was authenticated as well as some details about the authentication action.


The Userinfo endpoint is an API that provides user information. Depending on the setup and configured preferences, it provides very much the same information as an id_token. Depending on your use case, you often either use an id_token or the Userinfo endpoint.


Often forgotten but not less important: the logout process. The core specifications of OpenID Connect do not describe the logout process but additional specifications do. has implemented OpenID Connect Front-Channel Logout 1.0.