Education & Training

Services & Support



{{search ? 'Close':'Search'}}

OpenID Connect

What is OpenID Connect?

Find Out [2:50]

Related Videos

Use OpenID Connect to verify user identity and user attributes via the REST interface

OpenID Connect is the industry standard authentication protocol that allows developers to easily authenticate their users across websites and apps without having to own and manage password files. The end benefit to both the developer and the enterprise is a secure, verifiable way to validate the identity of the person using any app connected to back to the enterprise.

OpenID Connect sits on top of OAuth to verify user identity and user attributes. CA API Gateway and CA Mobile API Gateway provide the OAuth Toolkit as a pre-integrated component, making it simple to add OAuth-based access control to enterprise resources exposed via APIs for reuse in Web and mobile apps. Among other use cases, this allows CA API Gateway to act as an OAuth Server for CA Microgateway implementations.

The OAuth Toolkit supports the OAuth standards as well as JWT (JSON Web Token) bearer tokens and a range of extension grant types. Optional HMAC or RSA signatures are supported for maximum interoperability. OpenID Connect is fully supported with the OAuth Toolkit, including OpenID Certifications for Basic, Config, Implicit and Hybrid profiles.

Click to watch video

How does OpenID Connect work?

OpenID Connect is an identity layer on top of the OAuth framework, which allows clients to verify the identity of an end user based on the authentication performed by the identity provider, as well as to obtain basic information about the user in an interoperable manner.

OpenID Connect requires a RESTful HTTP API, using JSON as a data format. It generates an ID Token that represents the end user, signed and/or encrypted via asymmetric or symmetric cryptography. OpenID Connect is maintained by the OpenID Foundation. For the enterprise, the biggest value of OpenID Connect is that it enables native single sign-on (SSO) for range of users, including Web-based and mobile clients. This allows those users to access enterprise applications easily and securely.

From the user perspective, the interaction is very simple and inobtrusive. Your enterprise application requires authentication via OpenID Connect (because it was written that way). The application redirects you to an OpenID Connect server to identify you and get your profile information. This is done with an OAuth flow. The server will authenticate you and produce the information about you in the form of a JSON Web Token (JWT). The token will stay with the app to prove authentication and identity on future request.

OAuth Toolkit Key Features with OpenID Connect

Developer friendly

Uses JSON, RESTful HTTP and standard user attributes—all available through the familiar tools that you use to enable OAuth.

OpenID Certifications

For Basic, Config, Implicit and Hybrid profiles, ensuring the highest interoperability. Learn more about OpenID Certification.

Unobtrusive Security

Add strong but user-friendly login security to mobile apps that access backend enterprise resources.

Secure Mobile Access for Enterprise Employees

The true potential of mobile devices is in the apps they run. To get real value from mobile, enterprises are providing their employees with apps that can access corporate resources and information—even when the devices being used are not under corporate control. OpenID Connect plays a key role in providing secure mobile access to enterprise resources.

OAuth and OpenID Connect Resources

Read more customer success stories.


Troubleshoot technical issues, browse the latest product documentation and access support announcements.


Find answers and share knowledge with your peers in interactive forums.

OpenID Connect Resources

Click to watch video
Click to watch video
Click to watch video