OIDC

OpenID Connect Core 1.0 incorporating errata set 1

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. This specification defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of Claims to communicate information about the End-User. It also describes the security and privacy considerations for using OpenID Connect. This document is an officially published standard.

Full text: https://openid.net/specs/openid-connect-core-1_0.html

Countermeasures

This document introduces a number of security countermeasures for OAuth. The OAuch tests related to these countermeasures are:

• IdTokens.HasRequiredClaimsTest
• IdTokens.NoncePresentInTokenTest
• IdTokens.HasAuthorizedPartyTest
• IdTokens.IsSignedTest
• IdTokens.KeyReferencesTest
• AuthEndpoint.SupportsPostAuthorizationRequestsTest
• AuthEndpoint.RedirectUriRequiredTest
• TokenEndpoint.IsHttpsRequiredTest
• TokenEndpoint.IsClientAuthenticationRequiredTest
• TokenEndpoint.IsGetSupportedTest
• IdTokens.IsAccessTokenHashCorrectTest
• IdTokens.HasCorrectIssuerTest
• IdTokens.HasCorrectAudienceTest
• IdTokens.HasAzpForMultiAudienceTest
• IdTokens.HasCorrectMacTest
• IdTokens.ClientSecretLongEnoughTest
• AuthEndpoint.NonceRequiredTest
• IdTokens.IsAccessTokenHashPresentTest
• IdTokens.CodeHashValidTest
• IdTokens.IsAuthorizationCodeHashPresentTest

Back to the documents overview