OPENID CONNECT / OIDC
defined.

What is OpenID Connect (OIDC)?

OIDC adds the id_token (a signed JWT representing the authenticated user) and the /userinfo endpoint. Common bugs: failing to validate aud, iss, nonce; trusting unsigned discovery documents; or accepting unsigned id_token in implicit flow.

Related terms.

• OAuth 2.0
• JSON Web Token (JWT)
• Security Assertion Markup Language (SAML)
• Multi-Factor Authentication (MFA)

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.