Openid Connect Jwt

Do you want to know how OpenID Connect works? This book is for you! Exploring how OpenID Connect works in detail is the subject of this book. We take a bottom-up approach and first study all the elements (actors, endpoints, and tokens) of OpenID Connect. This puts us in an excellent position for the second step: to understand the various OpenID Connect Flows - how the actors, endpoints, and tokens are put together to transmit identity claims securely. Do you wonder why there are several OpenID Connect Flows? Whether we use OpenID Connect from a mobile app, a script in a browser or from a secure backend server, there is an appropriate OpenID Connect Flow with the right tradeoffs in security, functionality, and convenience for each of these scenarios. This book helps you to choose the right one. Do you think that these OpenID Connect Flows are confusing? You are not alone; the OpenID Connect Flows tend to get confusing. However, with this book, we make it clear and easy to understand: We visualize these flows and show how to choose the flow that is appropriate for a given scenario. A picture says more than a 1000 words - that is why we explain the OpenID Connect Flows using easy to understand sequence diagrams. Do you want to understand how JWT works? This book explains what a JSON Web Token (JWT) is, how it is used in OpenID Connect, how it is constructed, what data it contains, how to read it, and how to protect its contents. Do you wonder why there are so many tokens in OpenID Connect and how to use them? There are JWT, JWS, JWE, access tokens, refresh tokens, identity tokens, and authorization codes. This book helps you to make sense of them all. Using examples, we explore how the tokens are used, constructed, signed, and encrypted. Why is OpenID Connect so popular? If used in the right way, OpenID Connect is powerful, and everyone loves it: End-users don't need to signup and remember a new password Business owners enjoy high conversion rates Developers don't get any grey hair over securely storing credentials Do you want to increase the conversion rate of your app? Signup and login to a new app become so smooth and convenient that end-users are much more likely to try a new app. It is supported, e.g. by Google, Yahoo, or Microsoft. Would you like to manage no credentials but still have authenticated users? For us developers of web and mobile apps, these signup and login features are attractive, too: we do not need to manage user credentials, and we get a higher conversion rate resulting in more new customers. In effect, this means cutting costs and increasing the number of new customers for our apps. Which programming language do you use in the book? This is not a programming book, don't expect implementations with a specific programming language or library. Instead, we focus on understanding OpenID Connect on a conceptual level, so we can design and architect apps that work with OpenID Connect. And OpenID Connect is the standard behind creating smooth login and signup experiences, increasing the customer signup rate, and creating highly converting apps.