OpenID Connect: In a Nutshell

profile picture Elly Heath 4 min read
A lady using a log-in page on a laptop

There is a lot of information available about OpenID Connect (OIDC). A quick search online and it’s easy to get lost in technical jargon and still be left clueless as to what it actually is and if it could be useful for your business. 

In this blog, we cut through the noise and break it down for you.

How did OpenID Connect come to be?

Less than a decade ago, businesses in the online retail, search and social media spaces required you to set up an account and your details were stored. 

This created two problems: you had to sign up on every website (and remember those credentials for the future), and in the online retail world, customers would often fill their baskets but not checkout due to the effort of having to create an account. Not to mention the administrative and security risks for businesses of storing customer information.

Enter OpenID Connect.

What is OpenID Connect?

Launched in 2014 by the OpenID Foundation, OIDC lets you use single sign-on (SSO) to access multiple sites using OpenID Providers. For example, logging in to Spotify using your Facebook account credentials. 

OIDC is the third generation of OpenID technology and is now the leading online interface to achieve multiple domain SSO and prove your identity. 

OIDC is web and mobile-friendly, as well as API friendly. If you’re interested in learning about the technical details, you can find more information about how it works here

Some of the biggest brands are providers of OIDC, including Google, Apple, Microsoft, Facebook, X and Spotify. Any company who needs to capture customer credentials online and is keen to reduce barriers for users, should consider if OIDC is right for their business.

Let’s take a closer look at the benefits to both users and businesses. 

Benefits of OpenID Connect

The main benefit for users is reduced time and effort in having to set up multiple accounts (and remember all those passwords!). You can visit the same website many times or navigate seamlessly across numerous websites without needing to sign in every time – particularly benefiting retail businesses with reduced barriers at the point of sale. 

There may also be a feeling of trust for some users when interacting with a business for the first time if they can use their pre-existing credentials. This benefits businesses as they can rely on the trust users have in third party well-established brands in the space. 

There are some drawbacks to OIDC to be aware of too.

Possible cons of OpenID Connect

To be effective, businesses are relying on users being willing to use OIDC in the first place. Users are increasingly aware of their online footprint and so may be wary of logging in with their social media credentials for example, thinking that they are sharing their entire profile. People are more cautious than ever before about businesses gaining access to their personal information and exploiting it.

The authorisation of OIDC could also come into question in some circumstances. For instance, when you log in with Google: 

  1. If you’re already logged in to Google in the same browser that you’re asked to “log in with Google” (on another website), you won’t be asked to enter your password again 
  2. If you aren’t already logged in to Google, the other website will you ask for your password to prove its you

 

With option 1, anyone with access to your laptop or mobile would be able to browse online via your credentials, without being asked for a password. 

 

And there you have it – OpenID Connect in a nutshell. If you have any other questions about OIDC, please get in touch.

Keep reading

How accurate can facial age estimation get?

Facial age estimation using machine learning has advanced significantly in recent years. But, a common and fair question still arises: How accurate can it really be? Can a system look at your face and accurately guess your age, especially when humans often get it wrong? The short answer is that it’s very accurate – but not perfect. We explain why.   The myth of 100% accuracy It’s important to set realistic expectations. No facial age estimation model can achieve 100% accuracy across all ages.  Human aging is highly individual and shaped by many external factors, especially as we get

6 min read
Synthetic identity fraud is committed by the theft of a real piece of persoanl information such as an SSN, and combined with false information to make up an entirely synthetic identity that often bypasses traditional checks

What is synthetic identity fraud? How it works and how to prevent it

What is synthetic identity fraud? Synthetic identities are fake identities, built by combining real and made-up information, earning them the nickname “Frankenstein IDs” due to their pieced-together nature. Synthetic identity fraud is different to traditional identity fraud as it doesn’t involve an obvious, immediate consumer victim. These fake profiles are designed to mimic real customers, often slipping past traditional fraud detection systems because they don’t raise typical red flags. As a result, the primary victims of synthetic identity fraud are businesses and lenders, who bear the financial losses.   How synthetic identities are created and used

8 min read
Woman presenting a 2d image trying to perform a presentation attack

Why early detection is critical in stopping deepfake attacks

Digital identity and age verification are becoming integral parts of customer onboarding and access management, allowing customers to get up and running on your platform fast. However as customer verification tools become more advanced, so too are fraudsters seeking to spoof systems by impersonating someone, appearing older than they really are or passing as a real person when they’re not. Deepfake attacks, which can mimic a person’s face, voice or mannerisms, pose a serious threat to any business using biometric customer verification. In this blog, we explore why detecting deepfakes early is essential for maintaining trust, security and regulatory

6 min read