OpenID Connect
OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of “making simple things simple and complicated things possible”. It’s uniquely easy for developers to integrate, compared to any preceding Identity protocol.
An entity can have multiple identities. Facebook's 'signed request' extension to OAuth does the same thing as OpenID Connect.
(Identity, Authentication) + OAuth 2.0 = OpenID Connect
Final OpenID Connect specifications were launched on February 26, 2014.
The certification program for OpenID Connect was launched on April 22, 2015. Google, Microsoft, Ping Identity, ForgeRock, Nomura Research Institute, and PayPal OpenID Connect deployments were the first to self-certify conformance.
IDP = identity provider = offers authentication as a service
RP = relying party = app that outsources its authentication function to an IDP
JWT = JSON Web Token = data structure with signatures
OpenID Connect is a simple identity layer that works over the top of OAuth 2.0. It uses the same underlying REST protocol, but adds consistency and additional security on top of the OAuth protocol.
OAuth 2.0 is fundamentally an authorisation protocol, not an authentication protocol.
From http://andrewlock.net/an-introduction-to-openid-connect-in-asp-net-core/
From http://openid.net/specs/openid-connect-implicit-1_0.html
From https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets