OpenID Connect support
OIDC enables client applications to verify the identity of a user based on the authentication that is performed by an OIDC provider.
OpenID Connect (OIDC) is an identity protocol and open standard that is built on top of the OAuth 2.0 protocol. The DataPower® Gateway implements OIDC for social login support: the social login provider acts as the OIDC provider, and the DataPower Gateway acts as the OIDC client (relying party).
To understand OIDC, you must understand the following OIDC terms.
- Claim
- Information asserted about an entity. Examples of claims include phone number, given name, surname, and others.
- ID token
- JSON Web Token (JWT) that contains claims about the authenticated user.
- OpenID Connect provider
- An OAuth 2.0 authorization server that can authenticate users and provide claims to a client.
To be compliant with the Open Banking Security Profile Draft v1.1.2 standard, the following claims are mandatory. The DataPower OIDC flow automatically adds these claims when needed. These claims are supported as part of the JWT generator in the DataPower OIDC flow. Each claim is computed the same way: hash the ASCII value of the artifact with the hash function that corresponds to the ID token's signing algorithm (for example, SHA-256 for RS256), keep the left-most half of the digest, and base64url-encode it without padding.
- The at_hash claim, which is the access token hash value.
- The c_hash claim, which is the authorization code hash value.
- The s_hash claim, which is the state hash value.
An OIDC client that receives an ID token together with an access token, authorization code, or state value recomputes the corresponding hash and compares it to the claim; a mismatch means the ID token was not issued with those artifacts, and the response must be rejected.
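The following added example shows both sides of the at_hash, c_hash and s_hash handling described above: the provider side that adds the hash claims to an ID token, and the client side that verifies them against the access token, code and state it received. It is illustrative code, not DataPower code or its JWT generator; the HS256 signer, the sample key, and the sample token values are constructed for the example, and the helper names (token_hash, add_hash_claims, verify_hash_claims) are assumptions.

```python
import base64
import hashlib
import hmac
import json

# The hash function for the *_hash claims is the one that corresponds to the
# ID token's JWS "alg" (OIDC Core 1.0, section 3.3.2.11): 256 -> SHA-256, etc.
_ALG_TO_HASH = {
    "HS256": "sha256", "RS256": "sha256", "ES256": "sha256", "PS256": "sha256",
    "HS384": "sha384", "RS384": "sha384", "ES384": "sha384", "PS384": "sha384",
    "HS512": "sha512", "RS512": "sha512", "ES512": "sha512", "PS512": "sha512",
}


def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def token_hash(value: str, alg: str) -> str:
    """at_hash / c_hash / s_hash: left-most half of hash(ASCII(value)), base64url-encoded."""
    if alg not in _ALG_TO_HASH:
        raise ValueError(f"unsupported JWS alg {alg!r}")
    digest = hashlib.new(_ALG_TO_HASH[alg], value.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def add_hash_claims(claims: dict, alg: str, access_token=None, code=None, state=None) -> dict:
    """Provider side: add a hash claim for each artifact that accompanies the ID token."""
    out = dict(claims)
    for name, value in (("at_hash", access_token), ("c_hash", code), ("s_hash", state)):
        if value is not None:
            out[name] = token_hash(value, alg)
    return out


def sign_hs256(claims: dict, key: bytes) -> str:
    """Constructed HS256 signer so the example runs offline (a real provider uses RS/ES/PS keys)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(signature)}"


def verify_hash_claims(id_token: str, key: bytes, access_token=None, code=None, state=None) -> dict:
    """Client side: verify the signature, then check every hash claim for an artifact we received.

    Returns {claim_name: bool}; a missing claim for an artifact we hold counts as a failure,
    because the relying party cannot prove the artifact was issued with this ID token.
    """
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # only the constructed signer is supported here
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("ID token signature check failed")
    claims = json.loads(b64url_decode(payload_b64))

    results = {}
    for name, value in (("at_hash", access_token), ("c_hash", code), ("s_hash", state)):
        if value is None:
            continue  # artifact not part of this response; nothing to check
        claimed = claims.get(name)
        if not isinstance(claimed, str):
            results[name] = False
            continue
        expected = token_hash(value, header["alg"])
        results[name] = hmac.compare_digest(claimed.encode("ascii", "replace"), expected.encode("ascii"))
    return results


# Constructed sample values (not real tokens) for a stand-alone run.
SAMPLE_KEY = b"example-shared-secret-do-not-use"
SAMPLE_ACCESS_TOKEN = "jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y"
SAMPLE_CODE = "SplxlOBeZQQYbYS6WxSbIA"
SAMPLE_STATE = "af0ifjsldkj"


def sample_id_token() -> str:
    claims = {"iss": "https://provider.example", "sub": "alice", "aud": "datapower-client"}
    claims = add_hash_claims(claims, "HS256", SAMPLE_ACCESS_TOKEN, SAMPLE_CODE, SAMPLE_STATE)
    return sign_hs256(claims, SAMPLE_KEY)


if __name__ == "__main__":
    token = sample_id_token()
    print(verify_hash_claims(token, SAMPLE_KEY, SAMPLE_ACCESS_TOKEN, SAMPLE_CODE, SAMPLE_STATE))
```

Note that the comparison is done on the base64url text with a constant-time compare, and that the hash function is taken from the ID token header only after the signature has been verified, so an attacker cannot pick a weaker hash by rewriting the header.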