Jul 6, 2009 · I'm really trying to understand the difference between OpenID and OAuth? Maybe they're two totally separate things?

Jan 29, 2025 · I'm using Keycloak authentication in my React project with the packages react-oidc-context and oidc-client-ts. Authentication and API requests work perfectly when logging …

Aug 28, 2024 · I have a custom policy/flow for the B2C Identity Experience Framework. I need the user to log into a Microsoft account, get the access token from that, then use that access …

Dec 6, 2020 · If your organization uses an API-centered architecture, OIDC will provide a better experience for users of native and single-page applications. OIDC is lightweight and more …

Jul 11, 2023 · OIDC has Back-Channel Logout for this in which the IdP revokes tokens and issues the logout request to your web service and your web service logs out the user. Authentik does …

Jun 21, 2018 · According to the spec, OpenID Connect uses nonce as the registered claim name, but RFC 7519 already includes a registered claim named jti for this same purpose. Was this …

Oct 3, 2018 · So my final questions: 1. Can someone please explain if an IdP (providing a token) is required to be certified to provide an acr return value. 2. Is the return value …

Jun 21, 2013 · 7 years later... those loopholes surely aren't solved by OIDC though? You still have access tokens after all, and they still do the same thing they were supposed to do in OAuth2 in …

Mar 15, 2025 · 0 How to authenticate with OCI using OIDC in serverless environments (AWS Lambda/Azure Functions) with Python SDK? Background I'm trying to implement a solution …

Feb 14, 2024 · Without PKCE, a malicious mobile app could intercept an authorization code intended for the legitimate mobile app on the victim's device, as explained here. It could then …