OAuth 2.0 & OpenID Connect


Visual Guard Identity Server adheres to the OAuth 2.0 and OIDC standards, providing secure and reliable user authentication and authorization services. 


What is OAuth 2.0?

OAuth 2.0 is an authorization framework that allows applications to access protected resources on behalf of a user without requiring the user to share their credentials directly. It secures APIs through access tokens whose scopes limit what the holder is allowed to do.


What is OpenID Connect?

OpenID Connect (OIDC) is an authentication layer built on top of OAuth 2.0. While OAuth 2.0 focuses on authorizing access to resources, OIDC primarily deals with verifying the identity of the user and Single Sign-On (SSO) functionality. 


How it Works: 

  1. User Authorization: The user grants permission to the client to access their data.
  2. Token Exchange: The client requests an access token and identity token from the VisualGuard Identity server by providing proof of user authorization.
  3. Resource Access: The client presents the access token to reach the protected resources and uses the identity token to obtain information about the user.

Key Concepts: 

  1. Resource Owner: The user who owns the data or resources.
  2. Client: The application requesting access to the resources.
  3. VisualGuard Identity Server: The entity that validates and grants access to the resources and provides identity information about the user.
  4. Grant types: Visual Guard supports several grant types, such as Authorization Code, Hybrid, Resource Owner Password, Implicit and Client Credentials.
  5. Scopes or Identity Resources: Visual Guard supports several scopes or identity resources that can be included in the token as claims or returned as user information, such as VGActivityDate, VGApplications, VGDeveloper, VGIsApproved, VGIsLocked, VGPermissions, VGProfile, VGRoles and VGToken.
  6. Access token: The token issued by the VisualGuard Identity Server. It is a bearer token that grants the application limited access to protected resources on behalf of the user.
  7. Refresh token (optional): A token that is exchanged for a new access token once the access token has expired.
  8. Identity token: Introduced by OIDC, it contains information about the authenticated user, such as name, email address and other profile details, together with any other claims configured to be included for sharing user information.
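The three steps under "How it Works" and the token and scope concepts above, played end to end, as an added example that is not part of the Visual Guard documentation or product code. It uses the Authorization Code grant with PKCE (the choice to prefer over Implicit for public clients) and a stand-in Identity Server kept in memory, so it runs offline. The issuer URL, endpoint paths, client id, API audience and the HS256 shared secret are constructed assumptions; a production Identity Server signs tokens with RS256 keys that clients fetch from its JWKS endpoint, and the scope names VGProfile and VGRoles are taken from the list above.

```python
# Added example (not Visual Guard's code): OIDC authorization-code flow with PKCE, run
# offline against a stand-in Identity Server. Issuer, paths, client id, audience and
# the HS256 secret are constructed; real servers publish RS256 keys via JWKS.
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://idp.example.test"                 # assumed Identity Server URL
CLIENT_ID = "my-web-app"                            # assumed client registration
REDIRECT_URI = "https://app.example.test/callback"  # assumed registered redirect URI
API_AUDIENCE = "vg-api"                             # assumed API resource name
SERVER_SECRET = b"constructed-hs256-demo-secret"    # demo-only shared signing key
_issued_codes = {}                                  # server state: code -> consented grant

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_authorization_request(scopes):
    """Step 1 (client): state, nonce and PKCE verifier stay in the session; only the challenge leaves."""
    session = {"state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16),
               "verifier": secrets.token_urlsafe(32)}
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": " ".join(["openid", *scopes]), "state": session["state"],
              "nonce": session["nonce"], "code_challenge_method": "S256",
              "code_challenge": b64url(hashlib.sha256(session["verifier"].encode()).digest())}
    return f"{ISSUER}/authorize?{urlencode(params)}", session

def server_authorize(url, user_sub):
    """Step 1 (server): user logs in and consents; a one-time code is bound to the request."""
    q = parse_qs(urlparse(url).query)
    code = secrets.token_urlsafe(16)
    _issued_codes[code] = {"sub": user_sub, "scope": q["scope"][0], "nonce": q["nonce"][0],
                           "challenge": q["code_challenge"][0]}
    return f"{q['redirect_uri'][0]}?{urlencode({'code': code, 'state': q['state'][0]})}"

def _sign_jwt(claims):
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SERVER_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def server_token(code, verifier, now=None):
    """Step 2 (server): single-use code + PKCE check, then short-lived access and ID tokens."""
    now = now or int(time.time())
    grant = _issued_codes.pop(code, None)
    if grant is None:
        raise PermissionError("invalid_grant: unknown or already used code")
    if b64url(hashlib.sha256(verifier.encode()).digest()) != grant["challenge"]:
        raise PermissionError("invalid_grant: PKCE verifier mismatch")
    base = {"iss": ISSUER, "sub": grant["sub"], "iat": now, "exp": now + 300}
    return {"token_type": "Bearer",
            "access_token": _sign_jwt({**base, "aud": API_AUDIENCE, "scope": grant["scope"]}),
            "id_token": _sign_jwt({**base, "aud": CLIENT_ID, "nonce": grant["nonce"]})}

def verify_jwt(token, audience, now=None):
    """Signature, issuer, audience and expiry: the checks every token consumer must do."""
    now = now or int(time.time())
    header, body, sig = token.split(".")
    expected = hmac.new(SERVER_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims["iss"] != ISSUER or claims["aud"] != audience or claims["exp"] <= now:
        raise ValueError("issuer, audience or expiry check failed")
    return claims

def client_callback(callback_url, session, now=None):
    """Step 2 (client): check state, trade code + verifier for tokens, bind ID token via nonce."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch")
    tokens = server_token(q["code"][0], session["verifier"], now)
    id_claims = verify_jwt(tokens["id_token"], CLIENT_ID, now)
    if id_claims["nonce"] != session["nonce"]:
        raise ValueError("nonce mismatch")
    return tokens, id_claims

def resource_server(bearer_token, required_scope, now=None):
    """Step 3 (API): accept the bearer token only for its own audience and a granted scope."""
    claims = verify_jwt(bearer_token, API_AUDIENCE, now)
    if required_scope not in claims["scope"].split():
        raise PermissionError("insufficient_scope")
    return claims["sub"]

def rejected(fn, *args, **kwargs):
    try:                      # True when the call is refused; exercises the negative checks
        fn(*args, **kwargs)
        return False
    except (ValueError, PermissionError):
        return True

def run_flow(user_sub="alice", scopes=("VGProfile", "VGRoles"), now=None):
    """All three steps; returns (subject from ID token, subject the API saw, tokens)."""
    url, session = build_authorization_request(scopes)
    callback = server_authorize(url, user_sub)
    tokens, id_claims = client_callback(callback, session, now)
    return id_claims["sub"], resource_server(tokens["access_token"], "VGRoles", now), tokens
```

Calling `run_flow()` walks one login: the client only ever handles a code, the token endpoint refuses a replayed code or a wrong PKCE verifier, the client accepts the ID token only for its own `aud` and the nonce it generated, and the API accepts the access token only for its own audience and a scope the user actually granted. The same `verify_jwt` checks apply to a refresh-token renewal, which simply yields a new access token with a fresh `exp`.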