SSO via OIDC (OpenID Connect)

What is OpenID Connect, how does it work and why is it used?

In this article, we'll introduce you to SSO via the OIDC (OpenID Connect) protocol, how it works at Beetween and the benefits of using it.

What is SSO via OIDC?

SSO via OIDC is a connection mode that authenticates a user to an identity provider (Google, Microsoft...) via OpenID Connect (OIDC), an identification layer based on OAuth 2.0, an authorization protocol. OIDC is a standard managed by the OpenID Foundation.

How does OpenID Connect work?

As mentioned above, OpenID Connect uses the OAuth protocol, which works as follows:

1. The user goes to the Beetween login page;
2. He chooses “Connect with...”, i.e. via SSO, and fills in his credentials corresponding to the identity provider;
3. A request is then sent to the identity provider;
4. The identity provider authenticates the user and authorizes him to connect;
5. Beetween uses the URL to retrieve user information (/userinfo);

6. Beetween uses the information in this URL to check that the user is known (the user's SSO login must have been correctly entered when the Beetween account was created);

7. The user is connected to Beetween.

Of course, for an SSO connection to work, the identity provider must have been declared to Beetween beforehand, so that the software can recognize the identifiers used. You'll also need to provide us with the configuration URL.

Why use OpenID Connect?

OpenID Connect enables you to retrieve reliable information about users who are trying to log in, and thus identify them formally. With OIDC, password storage and management is no longer necessary.

OpenID Connect can also support personal data encryption and automatic session logout, for example. It guarantees security and privacy.

🚀 To go further…

The process used for authentication is implicit flow, which will evolve in the future. Beetween does not use scope.