Class OidcService

Direct Known Subclasses:

public class OidcService
extends OAuthService
An OpenId Connect authentication service provider.

This class implements an OpenID Connect client (core specification), which can be used to allow the user to be safely authenticated with your web application without needing to store or even handle his authorization credentials (such as a password).

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

This implementation only supports authentication using the Authorization Code Flow.

The configuration of this service is done by using the setters the service class exposes. Before the authentication process can be started these settings must be configured first and may not be changed afterwards.

The OpenID Connect protocol, including the subsequent use for authentication, consists of a number of consecutive steps, some of which require user interaction, and some which require the use of remote web services. The state machine for this process is implemented in an OidcProcess. To use OpenID Connect, you need to create such a process and listen for state changes.