OpenID 2.0 to OpenID Connect Migration (aka OID2 to OIDC Migration) is a spec that allows RPs to associate the old OpenID 2.0 identifiers to the new OpenID Connect identifiers without user intervention or extra round trip. The spec has …

So, there has been a flurry of worries induced by the CNET and other articles [1] about “Covert Redirect”. Like Leandro Boffi wrote in his blog post [2], this is not a new attack. It is an attack that has been …

Celebrate! OpenID Connect 1.0 Final is here! After four and half years, or six years if we include the time needed to start the working group, finally, OpenID Connect is released as final. Like I have been explaining many times …

Many people seem to ask for the guidance on which grant / flow to use in OpenID Connect. Here is my straw-man answer. Conditions / Requirement code grant implicit grant hybrid grant Server is not directly reachable from the client …

After the Berlin OpenID AB/C WG F2F meeting, I have been trying to refactor the Connect suites into more palatable form. I am supposed to create two sets of the refactored version. One for a granular split version and the …

OpenID Connect has many components. Sometimes, it seems confusing what to read for a new reader, or worse, intimidating. Here is a flow chart I created as a guide to a new reader. Hope this is going to be useful. …

An OpenID Connect server is just an OAuth 2.0 server on steroids. What it does it to return the ID Token, which contains information about the authentication event for the user at the door, in addition to the Access Token. …

People like me who is working on internet identity space is trying to solve so called “Internet Dog Problem.” You surely must have seen this picture — InternetDog.jpg : On the internet, nobody knows you’re a dog. This is a …

So I was in UMA call today and that reminded me of this use case. How does Alice share her protected resources (like medical test result) to Bob? I may have bloged in the past, but here is another try. …