OpenID Connect (OIDC) in IBM API Connect
OpenID Connect (OIDC) is an authentication mechanism that lets clients verify an end user's login based on authentication performed by an authentication server, also known as the OIDC Provider.
OIDC lets individuals use single sign-on (SSO) to access several sites, authenticating their identities through an OIDC Provider such as an email provider, a social network, or any other provider that they use in their organizations.
What distinguishes OpenID Connect from OpenID 2.0?
OpenID Connect carries out many of the same functions as OpenID 2.0, but in a way that is API-friendly and usable by native and mobile applications. OpenID Connect also defines strong signing and encryption as optional techniques. Integrating OAuth 1.0a with OpenID 2.0 required an extension, whereas in OpenID Connect the OAuth 2.0 capabilities are built right into the protocol.
OIDC in IBM API Connect
When multi-factor authentication (MFA) is necessary, users in API Connect are onboarded and authenticated using the OIDC user registry. Developer Portal users are onboarded and authenticated through an organization-specific OIDC user registry, whereas Cloud Manager, API Manager, and Developer Portal users can be onboarded and authenticated through a shared OIDC user registry.
Scenario: On entering the Developer Portal, the user normally has to fill in the password and any other required fields. With the OIDC user registry, however, there is no need to keep entering your username and password.
After opening the IBM Developer Portal's web UI, click the OIDC user registry to be redirected to the specific OIDC provider you are using, such as Google, Slack, GitHub, Facebook, LinkedIn, or Standard OIDC, among others. The provider authenticates you and logs you in to the IBM Developer Portal so that you can use and test the APIs.
OIDC is used both in the APIC suite's multi-factor authentication and in the API onboarding process. Using OIDC (OpenID Connect) has various advantages.
Benefits/Features of OIDC:
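The redirect to the OIDC provider described above, as an added example (not code from IBM API Connect or from the original post): the relying-party side of the authorization code flow, building the request with per-session state and nonce values and checking state when the provider redirects back. The endpoint, client ID, redirect URI and the session dict are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values (assumptions, not taken from API Connect or a real provider).
AUTHORIZATION_ENDPOINT = "https://idp.example.com/authorize"
CLIENT_ID = "portal-client-placeholder"
REDIRECT_URI = "https://portal.example.com/oidc/callback"


def build_authorization_request(session: dict) -> str:
    """Return the URL the browser is redirected to; bind state and nonce to the session."""
    session["oidc_state"] = secrets.token_urlsafe(32)  # ties the callback to this session
    session["oidc_nonce"] = secrets.token_urlsafe(32)  # must later match the ID token's nonce
    params = {
        "response_type": "code",          # authorization code flow
        "scope": "openid profile email",  # "openid" makes this an OIDC request
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    }
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Validate the provider's redirect back and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oidc_state", None)  # single use: a replayed callback fails
    received = query.get("state", [""])[0]
    # Compare as bytes in constant time; a missing or foreign state is rejected.
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in query:  # provider reported a failed or denied login
        raise ValueError(f"provider returned error: {query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code
```

After this check the code is exchanged at the provider's token endpoint, and the nonce claim in the returned ID token is compared with the value stored in the session.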
1. Speeds up the login process
2. Minimizes password security risks
3. Improves your ability to control your online identity
4. Provides access to several tech platforms
5. Uses an existing account to sign into multiple websites