Ensure API Authentication and concrete5 External Authentication is Built on OIDC #6729
Labels
Status:Available
Reviewed issue, it’s real, we’d review a pull request.
Milestone
https://security.stackexchange.com/questions/37818/why-use-openid-connect-instead-of-plain-oauth2
OpenID Connect is an identity layer on top of the OAuth 2.0 protocol. In the identity / authentication industry, it is now the standard allowing easy plug/play implementation.
https://openid.net/specs/openid-connect-core-1_0.html (specification)
http://openid.net/certification/ (test suite is on this site)
There appear to be existing OIDC libraries in packagist that we should try to use if possible.
The text was updated successfully, but these errors were encountered: