OpenID Connect
OpenID Connect (OIDC) is an authentication protocol that extends the OAuth 2.0 authorization framework. This industry-standard protocol enables third-party applications (OIDC Clients) to verify end-user identities and obtain basic profile information through secure, standardized procedures.
Common implementations of this protocol include the familiar "Sign in with Google" or "Sign in with Facebook" authentication options present across numerous digital platforms.
The standard OIDC implementation (typically following the Hybrid Flow model) proceeds through these sequential steps:
1. The end-user initiates authentication by attempting to access a secure resource within the client application.
2. The client application redirects the end-user to the designated authorization server.
3. The end-user authenticates with the authorization server by providing valid credentials, typically username and password.
4. The end-user reviews and either accepts or declines the client application's request to access specific personal information.
5. Upon successful authentication and authorization, the authorization server transmits an authorization code to the client application.
6. The client application exchanges this authorization code for both an access token and an ID token from the authorization server.
7. The client application validates the ID token, extracts the user's identity information, and establishes an authenticated session for the end-user, granting access to protected resources.
This methodology allows client applications to delegate authentication responsibilities to trusted identity providers, reducing credential management complexity and enhancing overall security posture.
THXNET. transforms this paradigm by empowering end-users to function as their own authorization servers. Our platform encourages client applications to utilize the end-user's address as the primary identifier for user data records within their services and databases.
Within this framework, end-users maintain complete autonomy over their personal information, including:
- Selective disclosure of personal information to service providers
- Self-management of personal information updates
- Direct information distribution to authorized client applications (typically organizations operating on Leafchains)
- Capability to revoke previously granted information access privileges from any organization or business at any time
This self-sovereign approach represents a fundamental shift in digital identity management, placing control firmly in the hands of individual users while maintaining compatibility with existing application infrastructures.