Overview
OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol. Where OAuth 2.0 is concerned with authorization (granting applications access to resources), OpenID Connect adds authentication: clients can verify the identity of the user who signed in. This supports single sign-on, in which a user authenticates once and uses the resulting identity across several services.
ID Tokens
In the context of OpenID Connect (OIDC), an ID token is a JSON Web Token (JWT) that carries claims about the authenticated user, or subject (at minimum the issuer, subject identifier, intended audience, issue time and expiry). ID tokens are central to OIDC's purpose of enabling authentication. When a client uses OpenID Connect to authenticate a user, the OpenID provider (such as Stalwart when acting as an OIDC server) issues an ID token to the client, confirming the identity of the user who has logged in. A client must not trust an ID token on receipt: it has to verify the signature against the provider's key, confirm that the issuer and audience claims match the expected provider and its own client ID, and reject tokens past their expiry.
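The following is an added example, not code from the Stalwart project, showing what an ID token looks like on the wire and the checks a client performs before accepting one. It uses the symmetric HS256 algorithm (one of the symmetric options this page says Stalwart supports), so the same secret both signs and verifies; with an asymmetric algorithm the client would instead verify with the provider's public key. The issuer URL, client ID, shared secret and all claim values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for this example; not Stalwart's real issuer, client or key.
ISSUER = "https://mail.example.com"
CLIENT_ID = "webmail-client"
SHARED_SECRET = b"constructed-shared-secret-for-hs256"


def b64url_encode(raw: bytes) -> str:
    # JWT segments use unpadded base64url.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(subject: str, email: str, now: int, ttl: int = 300,
                  audience: str = CLIENT_ID) -> str:
    """Provider side (constructed): issue an HS256-signed ID token."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": ISSUER,       # who issued the token
        "sub": subject,      # stable identifier of the authenticated user
        "aud": audience,     # the client this token is meant for
        "iat": now,          # issued-at, seconds since the epoch
        "exp": now + ttl,    # expiry
        "email": email,      # an additional profile claim
    }
    signing_input = (b64url_encode(json.dumps(header).encode())
                     + "." + b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(SHARED_SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_id_token(token: str, now: int) -> dict:
    """Client side: check alg, signature, issuer, audience and expiry, then return claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected three dot-separated segments")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the verifier, not the token, decides how it is verified,
    # which closes the classic "alg": "none" bypass.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    signing_input = (header_b64 + "." + claims_b64).encode("ascii")
    expected = hmac.new(SHARED_SECRET, signing_input, hashlib.sha256).digest()
    # Verify the signature before acting on any claim; constant-time comparison.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token not intended for this client")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    issued_at = 1_700_000_000
    token = mint_id_token("alice", "alice@example.com", issued_at)
    print(token)
    print(verify_id_token(token, issued_at + 10))
```

The order of the checks is deliberate: the signature is verified over the raw base64url segments before any claim is parsed, so a forged payload is rejected without its contents ever being consulted, and the audience check ensures a token issued for one client cannot be replayed against another.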
OIDC Provider
Stalwart includes an OpenID Connect (OIDC) provider, enabled automatically. Clients and applications can therefore authenticate users against Stalwart and obtain ID tokens directly. The provider is OIDC-compliant and supports a range of JWT signing algorithms, both symmetric and asymmetric. The choice matters for how tokens are verified: with a symmetric algorithm the signing key and the verification key are the same secret, so every client that verifies tokens could also mint them, whereas with an asymmetric algorithm clients verify using only the provider's public key and the private signing key never leaves the server.
Endpoints
Stalwart supports various OpenID Connect (OIDC) endpoints that allow clients and applications to interact with the server for authentication and identity information. Below is a brief description of the key OIDC endpoints available in Stalwart.