0Pricing
Cryptology Academy · Lesson

OpenID Connect Claims and ID Tokens

Decode JWT-based ID tokens, understand claim validation, and implement OIDC correctly.

OIDC as Identity Layer

OpenID Connect (OIDC) adds an identity layer on top of OAuth 2.0. While OAuth 2.0 handles authorization (what can this app access?), OIDC answers the identity question (who is the user?). OIDC is implemented by adding the "openid" scope to an OAuth 2.0 request, which causes the authorization server to return an ID token alongside the access token.

ID Token as JWT

The OIDC ID token is a JSON Web Token (JWT) containing claims about the authenticated user. The JWT is signed by the authorization server using its private key (RS256 or ES256 typically), and the relying party (client application) verifies the signature using the authorization server's published public keys (JWKS endpoint).

All lessons in this course

  1. OAuth 2.0 Flows and Token Types
  2. PKCE: Securing Public Clients
  3. OpenID Connect Claims and ID Tokens
  4. OAuth Vulnerabilities and Attack Patterns
← Back to Cryptology Academy