OpenID Connect (OIDC) is an authentication protocol built on top of the OAuth 2.0 authorization framework. It enables third-party applications (OIDC Clients) to verify end-users' identities and obtain basic profile information in a secure and standardized manner.
For example, the "Sign-in with Google", or "Sign-in with Facebook" pages on any application are the implementation of OIDC flow.
In a typical OIDC flow (the Hybrid Flow):
The end-user initiates authentication by attempting to log in to the client application.
The client application redirects the end-user to the authorization server.
The end-user authenticates with the authorization server, usually by providing their credentials (username and password).
The end-user accepts or declines the sharing of personal information, which is requested by the client application.
If the authentication is successful, and the end-user also authorizes the data sharing, the authorization server returns an authorization code to the client application.
The client application exchanges the authorization code for an access token and an ID Token from the authorization server.
The client application validates the ID Token, extracts the user's identity information, and establishes a session for the end-user, so that end-user can access to the client application.
OIDC allows client applications to delegate end-user authentication to a trusted identity provider, reducing the need for applications to manage user credentials directly and improving overall security.
And what THXNET. provides is, enabling the end-users to become their own authorization server, and encouraging the client applications to use just the ID-Wallet's address as the unique key of the end-user's data entry inside their services or databases.
The end-users have the freedom to choose which personal information to share and update their personal information themselves. The information is then pushed to client applications (typically organizations or businesses using the Leafchains), and the end-users have the ability to revoke the personal information they initially provided to those organizations or businesses at any time.