In a nutshell
OpenID Connect is an open standard and decentralized authentication protocol that allows applications and services (known as relying parties or RP) to authenticate users using third-party identity providers (e.g., Google or Facebook).
Once users authenticate using an identity provider, the relying party receives an ID token (a JWT) from the identity provider that proves the user has authenticated and that can provide additional user details (e.g., name or email) in the JWT payload.
Why does it exist?
Building a secure and robust registration / login system is time-consuming and difficult. OpenID makes the process easier by eliminating the need for developers to implement their own registration / login systems.
| Term | Definition |
|---|---|
| End user | The entity that wants to assert their identity. |
| Relying party (RP) / Service provider | Website or app that wants to verify the end user’s identity. |
| Identity provider / OpenID provider (OP) | The service that specializes in registering OpenID URLs or XRIs. |
The term OpenID can also refer to an identifier as specified in the OpenID standard. These identifiers are typically a URI that’s managed by an OpenID provider.