# OpenID Connect

### Standard Protocol Overview

OpenID Connect (OIDC) is an authentication protocol that extends the OAuth 2.0 authorization framework. This industry-standard protocol enables third-party applications (OIDC Clients) to verify end-user identities and obtain basic profile information through secure, standardized procedures.

Common implementations of this protocol include the familiar "Sign in with Google" or "Sign in with Facebook" authentication options present across numerous digital platforms.

### Conventional Authentication Flow

The standard OIDC implementation (typically following the Hybrid Flow model) proceeds through these sequential steps:

1. The end-user initiates authentication by attempting to access a secure resource within the client application.
2. The client application redirects the end-user to the designated authorization server.
3. The end-user authenticates with the authorization server by providing valid credentials, typically username and password.
4. The end-user reviews and either accepts or declines the client application's request to access specific personal information.
5. Upon successful authentication and authorization, the authorization server transmits an authorization code to the client application.
6. The client application exchanges this authorization code for both an access token and an ID token from the authorization server.
7. The client application validates the ID token, extracts the user's identity information, and establishes an authenticated session for the end-user, granting access to protected resources.

This methodology allows client applications to delegate authentication responsibilities to trusted identity providers, reducing credential management complexity and enhancing overall security posture.

### THXNET.'s Self-Sovereign Authentication Model

THXNET. transforms this paradigm by empowering end-users to function as their own authorization servers. Our platform encourages client applications to utilize the end-user's [ID-Wallet](/white-paper/id-wallet-and-interoperability.md) address as the primary identifier for user data records within their services and databases.

Within this framework, end-users maintain complete autonomy over their personal information, including:

* Selective disclosure of personal information to service providers
* Self-management of personal information updates
* Direct information distribution to authorized client applications (typically organizations operating on Leafchains)
* Capability to revoke previously granted information access privileges from any organization or business at any time

This self-sovereign approach represents a fundamental shift in digital identity management, placing control firmly in the hands of individual users while maintaining compatibility with existing application infrastructures.


