Specifications and Implementer’s Guides
Final Specifications
- OpenID Connect Core – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of claims to communicate information about the End-User
- OpenID Connect Discovery – Defines how clients dynamically discover information about OpenID Providers
- OpenID Connect Dynamic Registration – Defines how clients dynamically register with OpenID Providers
- OAuth 2.0 Multiple Response Types – Defines several specific new OAuth 2.0 response types
- OAuth 2.0 Form Post Response Mode – Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST
- OpenID 2.0 to OpenID Connect Migration 1.0 – Defines how to migrate from OpenID 2.0 to OpenID Connect
- OpenID Connect RP-Initiated Logout – Defines how a Relying Party requests that an OpenID Provider log out the End-User
- Session Management – Defines how to manage OpenID Connect sessions, including postMessage-based logout and RP-initiated logout functionality
- Front-Channel Logout – Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
- Back-Channel Logout – Defines a logout mechanism that uses direct back-channel communication between the OP and RPs being logged out
- OpenID Connect Core Error Code unmet_authentication_requirements – Defines the unmet_authentication_requirements authentication response error code
- Initiating User Registration via OpenID Connect – Defines the prompt=create authentication request parameter
Implementer’s Drafts
- OpenID Connect Federation – Defines how sets of OPs and RPs can establish trust by utilizing a Federation Operator [Most recent Implementer’s Draft]
- Self-Issued OpenID Provider V2 – Enables End-Users to use OpenID Providers (OPs) that they control [Most recent Implementer’s Draft]
- OpenID for Verifiable Presentations – Defines a mechanism on top of OAuth 2.0 to allow presentation of claims in the form of verifiable credentials as part of the protocol flow [Most recent Implementer’s Draft]
- OpenID Connect Native SSO for Mobile Apps – Enables native applications by the same vendor to share login information [Most recent Implementer’s Draft]
Drafts
- OpenID Connect Profile for SCIM Services – (Inactive) Defines how to use SCIM with OpenID Connect
- OpenID Connect Claims Aggregation – Enables RPs to request and Claims Providers to return aggregated claims through OPs
- OpenID for Verifiable Credential Issuance – Defines an API and corresponding OAuth-based authorization mechanisms for issuance of Verifiable Credentials
- OpenID Connect UserInfo Verifiable Credentials – Enables UserInfo responses as Verifiable Credentials
- OpenID for Verifiable Presentations over BLE – Defines how Bluetooth Low Energy (BLE) can be used to request the presentation of verifiable credentials
Implementer’s Guides
Two implementer’s guides are also available to serve as self-contained references for implementers of basic Web-based Relying Parties:
- Basic Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth code flow
- Implicit Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth implicit flow
Moved to the eKYC-IDA working group
- OpenID Connect for Identity Assurance – Defines an OpenID Connect extension for Identity Assurance
Repository and Editor’s Drafts
Active Members (past and present)
- Nat Sakimura (nat@nat.consulting), NAT.Consulting – Chair
- Mike Jones (michael_b_jones@hotmail.com), Independent – Co-Chair
- John Bradley (ve7jtb@ve7jtb.com), Yubico – Co-Chair
- Adam Lemmon (adam@trybe.id), TrybeID
- Anthony Nadalin (nadalin@prodigy.net), Independent
- Andreas Åkre Solberg (andreas.solberg@uninett.no), UNINETT
- Axel Nennker (axel.nennker@telekom.de), Deutsche Telekom
- Breno de Medeiros (breno@gmail.com), Google
- Brian Campbell (bcampbell@pingidentity.com), Ping Identity
- David Chadwick (david.chadwick@crosswordcybersecurity.com), Crossword Cybersecurity
- Bjorn Hjelm (Bjorn.Hjelm@verizonwireless.com), Verizon Wireless
- Casper Biering (cb@peercraft.com), Peercraft
- Chuck Mortimore (charliemortimore@gmail.com), Disney
- David Recordon (recordond@gmail.com), Independent
- David Waite (dwaite@pingidentity.com), Ping Identity
- Edmund Jay (ejay@mgi1.com), Illumila
- Filip Skokan (panva.ip@gmail.com), Auth0
- George Fletcher (gffletch@aol.com), Capital One
- Hans Zandbelt (hans.zandbelt@zmartzone.eu), ZmartZone
- Hideki Nara (hideki.nara@gmail.com), Takt Communications
- Jeremie Miller (jmiller@pingidentity.com), Ping Identity
- Johnny Bufu (johnny.bufu@gmail.com), Independent
- John Bradley (ve7jtb@ve7jtb.com), Yubico
- Joseph Heenan (joseph@authlete.com), Authlete
- Justin Richer (justin@bspk.io), Bespoke Engineering
- Kim Cameron (kim@identityblog.com), Independent
- Kristina Yasuda (Kristina.Yasuda@microsoft.com), Microsoft
- Luke Shepard (luke@lukeshepard.com), Independent
- Michael B. Jones (michael_b_jones@hotmail.com), Independent
- Nat Sakimura (nat@nat.consulting), NAT.Consulting
- Naveen CM, Yahoo Ad Tech
- Nov Matake (nov@matake.jp), Independent
- Oliver Terbu (oliver.terbu@mesh.xyz), ConsenSys Mesh
- Pamela Dingle (Pamela.Dingle@microsoft.com), Microsoft
- Paul Tarjan (paul@paultarjan.com), Independent
- Phil Hunt (phil.hunt@independentid.com), Independent
- Rich Levinson (rich.levinson@oracle.com), Oracle
- Roland Hedberg (roland@catalogix.se), Independent
- Ryo Ito (ryo.ito@mixi.co.jp), mixi, Inc.
- Tim Cappalli (Tim.Cappalli@microsoft.com), Microsoft
- Tobias Looker (tobias.looker@mattr.global), Mattr
- Tom Jones (thomasclinganjones@gmail.com), Independent
- Torsten Lodderstedt (torsten@lodderstedt.net), yes.com
- Vittorio Bertocci (vittorio.bertocci@auth0.com), Auth0
- Vladimir Dzhuvinov (vladimir@connect2id.com), Connect2id