Secure APIs with FastAPI and the Microsoft Identity Platform Transcripts
Chapter: Introduction to Identity
Lecture: Introduction to the OIDC protocol
0:00 The OAuth 2 protocols solved many problems. But, as is common, developers started abusing it to sign in users. Remember, OAuth2
0:10 is only an authorization protocol and therefore it should only be used to request and access
0:17 authorized resources, not for authenticating users. To address the shortcomings of OAuth2,
0:23 the industry came up with the OpenID Connect protocol, or OIDC, which is focused solely on user authentication. OIDC
0:33 is built on top of OAuth2 and is designed to verify a user's identity when trying to access a protected resource,
0:41 whether that's a website or a desktop application. OpenID Connect uses a similar process as OAuth in that the user is redirected away from
0:51 the application to a well-known identity service to sign in using either the user name and password or a social media account.
1:00 The identity service returns an identity token to the application. That identity token, usually a JSON Web Token or JWT, is used by the application
1:11 to personalize the user experience and perform further authorization checks if necessary.
1:18 JSON Web Tokens contain vital information such as the token issuer, the signing time, the expiration time and user details such as name and email.
1:29 This information is also called 'token claims'. In some cases, these tokens also contain additional information such as user roles or user
1:38 groups that can be used by the application for authorization purposes.
1:42 Many identity systems are extensible enough to allow developers to add additional claims to these tokens.
1:48 The important thing about the OAuth2 and OIDC protocols is that application developers never have to worry about managing user credentials,
1:57 since these protocols rely on an identity service to store sensitive information and only issue tokens when requested.