OpenID Connect support

OIDC enables client applications to verify the identity of a user based on the authentication that is performed by an OIDC provider.

OpenID Connect (OIDC) is an identity protocol and open standard that is built on top of the OAuth 2.0 protocol. The DataPower® Gateway supports OIDC and implements it for social login. In that flow, the social login provider acts as the OIDC provider and the DataPower Gateway acts as the OIDC client.

To understand OIDC, you must understand the following OIDC terms.
Claim
Information asserted about an entity. Examples of claims include phone number, given name, surname, and others.
ID token
JSON Web Token (JWT) that contains claims about the authenticated user.
OpenID Connect provider
An OAuth 2.0 authorization server that can authenticate users and provide claims to a client.
To comply with the Open Banking Security Profile Draft v1.1.2 standard, the following claims are mandatory. The DataPower OIDC flow adds these claims automatically when they are needed; they are produced by the JWT generator in the DataPower OIDC flow.
  • The at_hash claim, which is the access token hash value.
  • The c_hash claim, which is the authorization code hash value.
  • The s_hash claim, which is the state hash value.
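The three hash claims above are built the same way in OIDC Core 1.0: hash the ASCII octets of the access token, code or state with the hash function of the ID token's JWS alg (SHA-256 for RS256 or PS256), keep the left-most half of the digest, and base64url-encode it without padding. The following is an added Python example, not DataPower's own code, showing how a client that received the ID token computes and checks those claims; the token, code and state values are constructed samples, and the function names are assumptions.

```python
import base64
import hashlib
import hmac
from typing import Dict, List, Optional

# Digest implied by the JWS alg of the ID token ("RS256" -> sha256, "PS384" -> sha384, ...).
_ALG_TO_DIGEST = {"256": "sha256", "384": "sha384", "512": "sha512"}


def token_hash(value: str, alg: str = "RS256") -> str:
    """Compute at_hash / c_hash / s_hash of `value` for an ID token signed with `alg`."""
    digest_name = _ALG_TO_DIGEST.get(alg[-3:])
    if digest_name is None:
        raise ValueError(f"unsupported JWS alg {alg!r}")
    digest = hashlib.new(digest_name, value.encode("ascii")).digest()
    half = digest[: len(digest) // 2]          # left-most half of the digest
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def check_hash_claims(id_token_claims: Dict[str, object], alg: str, *,
                      access_token: Optional[str] = None,
                      code: Optional[str] = None,
                      state: Optional[str] = None) -> List[str]:
    """Return the names of hash claims that are missing or do not match.

    Every artifact the client actually received (access token, code, state)
    must be covered by a correct claim in the ID token; [] means all checks pass.
    """
    problems = []
    for claim, artifact in (("at_hash", access_token), ("c_hash", code), ("s_hash", state)):
        if artifact is None:
            continue                                # artifact not part of this response
        actual = id_token_claims.get(claim)
        expected = token_hash(artifact, alg)
        # Constant-time comparison so a mismatch is not distinguishable by timing.
        if not isinstance(actual, str) or not hmac.compare_digest(
                actual.encode("utf-8"), expected.encode("utf-8")):
            problems.append(claim)
    return problems


if __name__ == "__main__":
    # Constructed sample values; not taken from any real provider.
    tok, code, state = "SlAV32hkKG", "Qcb0Orv1zh30vL1MPRsbm", "af0ifjsldkj"
    claims = {"iss": "https://provider.example", "aud": "client-id-example",
              "at_hash": token_hash(tok), "c_hash": token_hash(code), "s_hash": token_hash(state)}
    print(check_hash_claims(claims, "RS256", access_token=tok, code=code, state=state))   # []
    claims["s_hash"] = token_hash("some-other-state")
    print(check_hash_claims(claims, "RS256", access_token=tok, code=code, state=state))   # ['s_hash']
```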