How does OpenID Connect work?
OpenID Connect is an identity layer on top of the OAuth 2.0 framework. It allows clients to verify the identity of an end user based on the authentication performed by the identity provider (the OpenID Provider), and to obtain basic profile information about that user in an interoperable manner.
OpenID Connect uses a RESTful HTTP API with JSON as its data format. It issues an ID Token that represents the end user, signed (and optionally encrypted) using either asymmetric or symmetric cryptography. OpenID Connect is maintained by the OpenID Foundation. For the enterprise, the biggest value of OpenID Connect is that it enables native single sign-on (SSO) for a range of users, including web-based and mobile clients, so those users can access enterprise applications easily and securely.
From the user's perspective, the interaction is simple and unobtrusive. Your enterprise application requires authentication via OpenID Connect (because it was written that way). The application redirects you to an OpenID Connect server to identify you and obtain your profile information; this is done with an OAuth flow. The server authenticates you and returns the information about you in the form of a JSON Web Token (JWT). The token stays with the app to prove your authentication and identity on future requests.
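The step where "the token stays with the app to prove authentication" only holds if the application actually validates the ID Token before trusting it. The following is an added example, not code from the original article or from the OpenID Foundation: it builds an ID Token with the symmetric (HS256) signing option the text mentions and then performs the relying-party checks from OpenID Connect Core (signature with a pinned algorithm, issuer, audience, expiry, issued-at, and the nonce that ties the token to the login attempt). The issuer URL, client id, shared secret and claim values are constructed placeholders.

```python
# Added example (not from the original article): construct and verify an OpenID Connect
# ID Token (a JWT) using the HS256 symmetric signing option, with only the standard library.
# All names below (issuer, client id, secret, subject, nonce) are constructed placeholders.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ISSUER = "https://op.example.test"        # constructed OpenID Provider URL
CLIENT_ID = "example-client"              # constructed client_id (the token's audience)
CLIENT_SECRET = b"example-client-secret"  # constructed shared secret used for HS256

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_id_token(claims: dict, secret: bytes = CLIENT_SECRET) -> str:
    """Serialize header and claims as a compact JWS signed with HMAC-SHA256 (what the OP does)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"

def verify_id_token(token: str, expected_nonce: str, now: Optional[int] = None,
                    secret: bytes = CLIENT_SECRET) -> dict:
    """Validate an ID Token the way the relying party must, returning its claims.
    Raises ValueError on any failure. Checks: structure, alg, signature, iss, aud/azp, exp, iat, nonce."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm the client registered for; never let the token choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud_list:
        raise ValueError("token not intended for this client")
    if len(aud_list) > 1 and claims.get("azp") != CLIENT_ID:
        raise ValueError("multiple audiences without matching azp")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    if not isinstance(claims.get("iat"), int) or claims["iat"] > now + 60:  # 60 s clock skew
        raise ValueError("iat in the future")
    # The nonce was generated by the client for this login and sent in the authorization request.
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims

def demo(now: int = 1_700_000_000) -> dict:
    """Issue one token, then show a valid, a tampered, a replayed and an expired presentation."""
    nonce = "n-0S6_WzA2Mj"  # constructed; in practice random per login attempt
    token = make_id_token({"iss": ISSUER, "sub": "user-24400320", "aud": CLIENT_ID,
                           "exp": now + 300, "iat": now, "nonce": nonce,
                           "email": "alice@example.test"})
    results = {"valid_sub": verify_id_token(token, nonce, now=now)["sub"]}
    # Changing a claim (here 'sub') without re-signing must fail the signature check.
    h, p, s = token.split(".")
    forged_claims = json.loads(_b64url_decode(p))
    forged_claims["sub"] = "user-0001"
    forged = f"{h}.{_b64url_encode(json.dumps(forged_claims, separators=(',', ':')).encode())}.{s}"
    for label, tok, n, t in [("tampered", forged, nonce, now),
                             ("replayed_nonce", token, "other-nonce", now),
                             ("expired", token, nonce, now + 600)]:
        try:
            verify_id_token(tok, n, now=t)
            results[label] = "accepted"
        except ValueError as exc:
            results[label] = str(exc)
    return results

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

With an asymmetrically signed token (RS256/ES256, the common production choice) the only change is the signature step: the client fetches the provider's public keys from its published JWKS endpoint and verifies with the key whose `kid` matches the header, while every other check stays exactly as above. The `alg` pin matters either way: the client decides which algorithm it accepts, the token does not.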