Specifications and Implementer’s Guides
Final Specifications
- OpenID Connect Core – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of claims to communicate information about the End-User
- OpenID Connect Discovery – (Optional) Defines how clients dynamically discover information about OpenID Providers
- OpenID Connect Dynamic Registration – (Optional) Defines how clients dynamically register with OpenID Providers
- OAuth 2.0 Multiple Response Types – Defines several specific new OAuth 2.0 response types
- OAuth 2.0 Form Post Response Mode – (Optional) Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST
- OpenID 2.0 to OpenID Connect Migration 1.0 – (Optional) Defines how to migrate from OpenID 2.0 to OpenID Connect
Implementer’s Drafts
- Session Management – (Optional) Defines how to manage OpenID Connect sessions, including postMessage-based logout and RP-initiated logout functionality
- Front-Channel Logout – (Optional) Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
- Back-Channel Logout – (Optional) Defines a logout mechanism that uses direct back-channel communication between the OP and RPs being logged out
- OpenID Connect Federation – (Optional) Defines how sets of OPs and RPs can establish trust by utilizing a Federation Operator
Drafts
- OpenID Connect RP-Initiated Logout – (Optional) Defines how a Relying Party requests that an OpenID Provider log out the End-User
- Initiating User Registration via OpenID Connect – (Optional) Defines the prompt=create authentication request parameter
- OpenID Connect Core Error Code unmet_authentication_requirements – (Optional) Defines the unmet_authentication_requirements authentication response error code
- OpenID Connect Native SSO for Mobile Apps – (Optional) Enables native applications by the same vendor to share login information
- OpenID Connect Claims Aggregation – (Optional) Enables RPs to request and Claims Providers to return aggregated claims
- OpenID Connect Profile for SCIM Services – (Inactive) Defines how to use SCIM with OpenID Connect
Implementer’s Guides
Two implementer’s guides are also available to serve as self-contained references for implementers of basic Web-based Relying Parties:
- Basic Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth code flow
- Implicit Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth implicit flow
Moved to the eKYC-IDA working group
- OpenID Connect for Identity Assurance – (Optional) Defines an OpenID Connect extension for Identity Assurance
Repository and Editor’s Drafts
Active Members (past and present)
- Nat Sakimura (nat@nat.consulting), NAT.Consulting – Chair
- Mike Jones (mbj@microsoft.com), Microsoft – Co-Chair
- John Bradley (ve7jtb@ve7jtb.com), Yubico – Co-Chair
- Anthony Nadalin (nadalin@prodigy.net), Independent
- Andreas Åkre Solberg (andreas.solberg@uninett.no), UNINETT
- Axel Nennker (axel.nennker@telekom.de), Deutsche Telekom
- Breno de Medeiros (breno@gmail.com), Google
- Brian Campbell (bcampbell@pingidentity.com), Ping Identity
- Bjorn Hjelm (Bjorn.Hjelm@verizonwireless.com), Verizon Wireless
- Casper Biering (cb@peercraft.com), Peercraft
- Chuck Mortimore (charliemortimore@gmail.com), VISA
- David Recordon (recordond@gmail.com), Independent
- Edmund Jay (ejay@mgi1.com), Illumila
- Filip Skokan (panva.ip@gmail.com), Auth0
- George Fletcher (george.fletcher@oath.com), Oath
- Hans Zandbelt (hans.zandbelt@zmartzone.eu), ZmartZone
- Hideki Nara (hideki.nara@gmail.com), Takt Communications
- Johnny Bufu (johnny.bufu@gmail.com), Independent
- John Bradley (ve7jtb@ve7jtb.com), Yubico
- Joseph Heenan (joseph@authlete.com), Authlete
- Justin Richer (justin@bspk.io), Bespoke Engineering
- Luke Shepard (luke@lukeshepard.com), Independent
- Michael B. Jones (mbj@microsoft.com), Microsoft
- Nat Sakimura (nat@nat.consulting), NAT.Consulting
- Nov Matake (nov@matake.jp), Independent
- Pamela Dingle (Pamela.Dingle@microsoft.com), Microsoft
- Paul Tarjan (paul@paultarjan.com), Independent
- Phil Hunt (phil.hunt@independentid.com), Independent
- Rich Levinson (rich.levinson@oracle.com), Oracle
- Roland Hedberg (roland@catalogix.se), Independent
- Ryo Ito (ryo.ito@mixi.co.jp), mixi, Inc.
- Torsten Lodderstedt (torsten@lodderstedt.net), yes.com
- Vladimir Dzhuvinov (vladimir@connect2id.com), Connect2id