OpenID Connect a simple[sic] single sign-on & identity layer on top of OAuth 2.0 Brian Campbell @__b_c Copyright © 2014 Brian Campbell. All rights reserved.


DESCRIPTION

Identity is ubiquitous. Regardless of the kind of applications you develop, you will, at some point, almost certainly have to deal with identifying users of the app. Yet it's seldom a central part of the app’s value proposition and rarely a core competency for developers. Wouldn’t it be nice to outsource user authentication and free yourself from the liability and complexity of storing and managing passwords? OpenID Connect, just ratified earlier this year and backed by some big industry names, is emerging as the go-to standard way to do exactly that. Connect allows you to easily and securely get an answer to the question: “What is the identity of the person currently using this browser or native app?” Unlike some of its predecessors, however, Connect has roots spanning the consumer, SaaS and enterprise space and is better suited to serve a diverse set of deployments. Come find out more about Connect in this talk from a seasoned veteran of the prestigious basement conference rooms at GlueCon.

Page 1

OpenID Connect

a simple[sic] single sign-on & identity layer on top of OAuth 2.0

Brian Campbell@__b_c

Copyright © 2014 Brian Campbell. All rights reserved.

Page 2

Agenda

• Introductions
• Framing the Problem
• OpenID Connect as an Emergent Solution
• Nuts & Bolts: The Basic Client Profile
• Random Thoughts

Page 3

Who Dat?

Brian Campbell

Some Meaningless Title & 10+ years @

Used to write a lot of code Now active in standards development


Cardboard box

Page 4

Speaker Credentials

Page 5

Speaker Credentials

Page 6

Speaker Credentials

Prominently mentioned on the second to last page that nobody will ever read just before the copyright notices

Page 7

Agenda

• Introductions
• Framing the Problem
• OpenID Connect as an Emergent Solution
• Nuts & Bolts: The Basic Client Profile
• Random Thoughts

Page 8

Passwords are Broken For Users

Death by a Thousand Passwords

true story: “holyfucknotanotherfuckingpassword1”

PASSWORD FATIGUE

Page 9

Passwords are Broken For Users

What?

A Well Regarded Fortune 500 Financial Services Company

Page 10

Passwords also Broken for Service Providers

• Hell on user registration conversion rates

• Managing passwords is hard
  – Just ask Adobe or LinkedIn or Kickstarter or…

Page 11

Agenda

• Introductions
• Framing the Problem
• OpenID Connect as an Emergent Solution
• Nuts & Bolts: The Basic Client Profile
• Random Thoughts

Page 12

Introducing OpenID Connect

• Easily and securely get an answer to the question: “What is the identity of the person currently using this browser or native app?”
  – Without taking on the responsibility of storing and managing passwords, which is nice
• Built on top of OAuth 2.0 using familiar and widely available stuff like JSON and HTTP
• Adds an ID Token (JWT) for user authentication to the client
• API access and SSO together

Page 13

Unlike Predecessors

Connect isn’t broken for mobile

Page 14

OAuth 2.0 In A Nutshell

(diagram)

Client → Authorization Server: Get an access token
Client → Resource Server: Use an access token

Authorization Server (Authorization Endpoint, Token Endpoint): where the magic happens
Resource Server: the important stuff

Page 15

(layer diagram) OpenID Connect, sitting on top of OAuth 2.0, JOSE and WebFinger

Page 16

OpenID Connect is built on OAuth 2.0

(diagram)

Client (Relying Party) → Authorization Server (Identity Provider or IDP, or OpenID Provider or OP): Get an access token & an ID Token (JWT)
Client → Resource Server: Use an access token
Client: Validate the ID Token (JWT), using the Authorization Server’s JWKS Endpoint

Authorization Server endpoints: Authorization Endpoint, Token Endpoint, Userinfo Endpoint, Registration Endpoint, JWKS Endpoint, Check Session IFrame, End Session Endpoint
Discovery: /.well-known/webfinger, /.well-known/openid-configuration
Resource Server: the important stuff

Page 17

Didn’t Someone Say “Simple”?

• It wasn’t me
• It’s not simple, it’s complicated
• But the burden of complexity has been shifted to the Identity Provider, where it’s more appropriate
• Many deployments can be à la carte

Photo: “Mr. Boombastic” https://www.flickr.com/photos/67589493@N00/166195826 (cropped), https://creativecommons.org/licenses/by/2.0/

Page 18

Agenda

• Introductions
• Framing the Problem
• OpenID Connect as an Emergent Solution
• Nuts & Bolts: The Basic Client Profile
• Random Thoughts

Page 19

Basic Client

• OpenID Connect Basic Client Implementer's Guide 1.0
  – http://openid.net/specs/openid-connect-basic-1_0.html
• “a subset of the OpenID Connect Core 1.0 specification that is designed to be easy to read and implement for basic Web-based Relying Parties using the OAuth Authorization Code Flow.”

Page 20

Basic Client Flow

Participants: End-User / Browser, Client, Auth Server

Client → Browser: Redirect w/ Authentication Request
Browser → Auth Server: Authentication Request

Page 21

Basic Client Flow

Browser → Auth Server: Authentication Request (not encoded for readability)

https://connect-interop.pinglabs.org:9031/as/authorization.oauth2?client_id=some-client-identifier&response_type=code&scope=openid profile email address phone&state=meh234&redirect_uri=https://client.example.io/cb

Page 22

Basic Client Flow

Auth Server ↔ Browser: Authenticate End-User

Page 23

Basic Client Flow

Auth Server ↔ Browser: Authenticate End-User (continued)

Page 24

Basic Client Flow

Auth Server ↔ Browser: Obtain User Consent

Page 25

Basic Client Flow

Auth Server ↔ Browser: Obtain User Consent (continued)

Page 26

Basic Client Flow

Auth Server → Browser: Redirect w/ Authentication Response
Browser → Client: Authentication Response w/ code

Page 27

Basic Client Flow

Browser → Client: Authentication Response w/ code

https://client.example.io/cb?state=meh234&code=JbXAZUzro_ka3htpQSePwxOMjTfQX8RxmRELgiP1

Page 28

Basic Client Flow

Client → Auth Server: Token Request w/ code

Page 29

Basic Client Flow

Client → Auth Server: Token Request w/ code (not encoded for readability)

POST /as/token.oauth2 HTTP/1.1
Host: connect-interop.pinglabs.org:9031
Content-Length: 185
Content-Type: application/x-www-form-urlencoded

client_id=some-client-identifier&grant_type=authorization_code&client_secret=super-duper-password&redirect_uri=https://client.example.io/cb&code=JbXAZUzro_ka3htpQSePwxOMjTfQX8RxmRELgiP1

Page 30

Basic Client Flow

Auth Server → Client: Token Response w/ access & ID token

Page 31

Basic Client Flow

Auth Server → Client: Token Response w/ access & ID token

HTTP/1.1 200 OK
Date: Tue, 13 May 2014 15:43:14 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Transfer-Encoding: chunked

{"token_type":"Bearer","expires_in":600,"id_token":"eyJhbGciOiJub25lIn0.eyJzdWIiOiIxMDAxIiwiYXVkIjoic29tZS1jbGllbnQtaWRlbnRpZmllciIsImp0aSI6Ijc2UnJHdkM1bDNRT1BPMDVwTGpVdmEiLCJpc3MiOiJodHRwczpcL1wvY29ubmVjdC1pbnRlcm9wLnBpbmdsYWJzLm9yZzo5MDMxIiwiaWF0IjoxMzk5OTk1Nzg1LCJleHAiOjEzOTk5OTYzODV9.","access_token":"zfrQZYtamGHS6ZYXdSV4Yo"}

Page 32

Basic Client Flow

Token Response w/ access & ID token: the ID Token decoded

eyJhbGciOiJub25lIn0.eyJzdWIiOiIxMDAxIiwiYXVkIjoic29tZS1jbGllbnQtaWRlbnRpZmllciIsImp0aSI6Ijc2UnJHdkM1bDNRT1BPMDVwTGpVdmEiLCJpc3MiOiJodHRwczpcL1wvY29ubmVjdC1pbnRlcm9wLnBpbmdsYWJzLm9yZzo5MDMxIiwiaWF0IjoxMzk5OTk1Nzg1LCJleHAiOjEzOTk5OTYzODV9.

Header: {"alg":"none"}

Claims: {"sub":"1001", "aud":"some-client-identifier", "jti":"76RrGvC5l3QOPO05pLjUva", "iss":"https:\/\/connect-interop.pinglabs.org:9031", "iat":1399995785, "exp":1399996385}
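The client must not simply believe those claims. The Python below is an added example, not code from the slides or from any OpenID Connect library, that parses the ID Token printed above and applies the checks the Basic Client Implementer's Guide calls for: issuer, audience (with azp when there are several), expiry and issue time with a little clock skew, and an optional nonce. The slide's token carries alg "none" and an empty signature, which the guide tolerates only because the token came straight back from the Token Endpoint over TLS in the code flow; the function therefore rejects unsigned tokens unless the caller opts in with allow_unsigned=True, and for every other alg defers to a verify_signature callback (assumed here, to be backed by the provider's JWKS endpoint). IdTokenError, validate_id_token and the timestamps used as "now" are the example's own.

```python
"""ID Token validation for the token response shown on the slide.

Added example (not from the slides or any library): the token below is
the one printed on the slide, with its header, payload and empty
signature segment; the validation logic follows the Basic Client
Implementer's Guide checks for iss, aud, exp, iat and nonce.
"""
import base64
import json
from typing import Callable, Optional

# The ID Token exactly as printed on the slide (alg none, empty signature).
SAMPLE_ID_TOKEN = (
    "eyJhbGciOiJub25lIn0."
    "eyJzdWIiOiIxMDAxIiwiYXVkIjoic29tZS1jbGllbnQtaWRlbnRpZmllciIsImp0aSI6Ijc2UnJHdkM1bDNRT1BPMDVwTGpVdmEiLCJpc3MiOiJodHRwczpcL1wvY29ubmVjdC1pbnRlcm9wLnBpbmdsYWJzLm9yZzo5MDMxIiwiaWF0IjoxMzk5OTk1Nzg1LCJleHAiOjEzOTk5OTYzODV9"
    "."
)
ISSUER = "https://connect-interop.pinglabs.org:9031"
CLIENT_ID = "some-client-identifier"


class IdTokenError(ValueError):
    """Raised when the ID Token must not be relied upon."""


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jwt(token: str):
    """Split a compact JWS into (header, claims, signature_segment)."""
    segments = token.split(".")
    if len(segments) != 3:
        raise IdTokenError("not a compact JWS")
    header = json.loads(b64url_decode(segments[0]))
    claims = json.loads(b64url_decode(segments[1]))
    return header, claims, segments[2]


def validate_id_token(
    token: str,
    *,
    issuer: str,
    client_id: str,
    now: int,
    allow_unsigned: bool = False,
    verify_signature: Optional[Callable[[dict, str], bool]] = None,
    nonce: Optional[str] = None,
    skew: int = 60,
) -> dict:
    """Return the claims if every check passes, else raise IdTokenError."""
    header, claims, signature = parse_jwt(token)
    alg = header.get("alg")
    if alg == "none":
        # Tolerable only when the token arrived directly from the Token
        # Endpoint over TLS (the code flow on the slides) and the deployment
        # has opted in; an unsigned token from anywhere else is rejected.
        if not allow_unsigned or signature != "":
            raise IdTokenError("unsigned ID Token rejected")
    elif verify_signature is None or not verify_signature(header, token):
        raise IdTokenError(f"signature check failed for alg {alg!r}")
    # iss must match the provider the client believes it talked to, exactly.
    if claims.get("iss") != issuer:
        raise IdTokenError("issuer mismatch")
    # aud may be a string or a list; with several audiences azp must name us.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        raise IdTokenError("token not intended for this client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise IdTokenError("azp required with multiple audiences")
    # exp/iat are seconds since the epoch; allow a little clock skew.
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + skew:
        raise IdTokenError("token expired")
    if not isinstance(claims.get("iat"), int) or claims["iat"] > now + skew:
        raise IdTokenError("token issued in the future")
    if nonce is not None and claims.get("nonce") != nonce:
        raise IdTokenError("nonce mismatch")
    return claims
```

With now set a few seconds after the slide's iat (1399995785) and allow_unsigned=True the sample token validates and yields sub "1001"; the same call without allow_unsigned, with a different client_id, or with now past exp (1399996385) plus the skew raises IdTokenError.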

Page 33

Basic Client Flow

Client → Auth Server: User Info Request w/ access token

Page 34

Basic Client Flow

Client → Auth Server: User Info Request w/ access token

GET /idp/userinfo.openid HTTP/1.1
Host: connect-interop.pinglabs.org:9031
Accept: */*
Authorization: Bearer zfrQZYtamGHS6ZYXdSV4Yo

Page 35

Basic Client Flow

Auth Server → Client: User Info Response

Page 36

Basic Client Flow

Auth Server → Client: User Info Response

HTTP/1.1 200 OK
Date: Tue, 13 May 2014 15:44:13 GMT
Content-Type: application/json;charset=UTF-8

{"sub": "1001", "name": "Joe Doe", "given_name": "Joe", "family_name": "Doe", "preferred_username": "joe", "email": "[email protected]", "picture": "http://farm8.staticflickr.com/7224/7395022014_1f6f3b33c8_m.jpg", "address":{"formatted":"1234 South North Street, Amherst, MA 01002"}, "phone_number":"+1 (413) 867-5309"}

Page 37

That was Simple?

• There are a lot of lines…
• But from the Client’s perspective
  – Send the user off somewhere
  – Wait for them to show up on a callback
  – Make two simple HTTPS calls and validate some data
  – Done
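Taken together, those bullets are the whole Relying Party. The Python below is an added example, not code from the slides or from any OpenID Connect library, that expresses each step as a pure function producing or checking the messages the preceding slides show (authentication request, callback with the state check, token request, token response, Userinfo request and response), with the HTTPS calls themselves left to the caller. Endpoint paths, client_id, state and code are the slides' values; the two response bodies are copied from the slides with the e-mail address replaced by a constructed placeholder. The function names, the tuple shape returned for requests and the new_state helper are the example's own, and validating the ID Token itself is a separate step not repeated here.

```python
"""Basic Client (Relying Party) side of the flow as pure functions.

Added example, not from the slides or any library: each function builds
or checks one message of the Basic Client flow so the pieces can be
exercised offline; the caller performs the actual HTTPS requests.
"""
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint values as they appear on the slides.
AUTHZ_ENDPOINT = "https://connect-interop.pinglabs.org:9031/as/authorization.oauth2"
HOST = "connect-interop.pinglabs.org:9031"
TOKEN_PATH = "/as/token.oauth2"
USERINFO_PATH = "/idp/userinfo.openid"

# Constructed samples: copied from the slides except for the e-mail address,
# which is a placeholder.
SAMPLE_TOKEN_RESPONSE = (
    '{"token_type":"Bearer","expires_in":600,'
    '"id_token":"eyJhbGciOiJub25lIn0.eyJzdWIiOiIxMDAxIiwiYXVkIjoic29tZS1jbGllbnQtaWRlbnRpZmllciIsImp0aSI6Ijc2UnJHdkM1bDNRT1BPMDVwTGpVdmEiLCJpc3MiOiJodHRwczpcL1wvY29ubmVjdC1pbnRlcm9wLnBpbmdsYWJzLm9yZzo5MDMxIiwiaWF0IjoxMzk5OTk1Nzg1LCJleHAiOjEzOTk5OTYzODV9.",'
    '"access_token":"zfrQZYtamGHS6ZYXdSV4Yo"}'
)
SAMPLE_USERINFO_RESPONSE = (
    '{"sub": "1001", "name": "Joe Doe", "given_name": "Joe", "family_name": "Doe", '
    '"preferred_username": "joe", "email": "joe@example.invalid", '
    '"address":{"formatted":"1234 South North Street, Amherst, MA 01002"}, '
    '"phone_number":"+1 (413) 867-5309"}'
)


def new_state() -> str:
    """Fresh unguessable state; bind it to the browser session before redirecting."""
    return secrets.token_urlsafe(16)


def build_authentication_request(client_id: str, redirect_uri: str, state: str,
                                 scope: str = "openid profile email address phone") -> str:
    """Send the user off somewhere: the URL the Client redirects the browser to."""
    params = {"client_id": client_id, "response_type": "code", "scope": scope,
              "state": state, "redirect_uri": redirect_uri}
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


def parse_authentication_response(callback_url: str, expected_state: str) -> str:
    """They show up on the callback: check state, then take the code."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    # Constant-time compare so the callback cannot be matched by timing.
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not bound to this session")
    if "error" in query:
        raise ValueError("authorization server returned error %s" % query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def build_token_request(client_id: str, client_secret: str, code: str, redirect_uri: str):
    """First HTTPS call: back-channel token request (secret in the body, as on the slide)."""
    body = urlencode({"client_id": client_id, "grant_type": "authorization_code",
                      "client_secret": client_secret, "redirect_uri": redirect_uri,
                      "code": code})
    headers = {"Host": HOST, "Content-Type": "application/x-www-form-urlencoded",
               "Content-Length": str(len(body))}
    return ("POST", TOKEN_PATH, headers, body)


def parse_token_response(body: str):
    """Pull out the access token and the ID Token (still to be validated)."""
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if "access_token" not in data or "id_token" not in data:
        raise ValueError("token response lacks access_token or id_token")
    return data["access_token"], data["id_token"]


def build_userinfo_request(access_token: str):
    """Second HTTPS call: Userinfo request carrying the access token as Bearer."""
    headers = {"Host": HOST, "Accept": "application/json",
               "Authorization": "Bearer " + access_token}
    return ("GET", USERINFO_PATH, headers, "")


def parse_userinfo_response(body: str, id_token_sub: str) -> dict:
    """Validate some data: only use the claims if sub matches the ID Token's sub."""
    info = json.loads(body)
    if info.get("sub") != id_token_sub:
        raise ValueError("userinfo sub does not match the ID Token sub")
    return info
```

Because urlencode escapes the values, the request bodies differ byte-for-byte from the "not encoded for readability" slides, but decode to the same parameters; the sub comparison at the end is the check Connect requires before a Userinfo response may be trusted at all.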

Page 38

Agenda

• Introductions
• Framing the Problem
• OpenID Connect as an Emergent Solution
• Nuts & Bolts: The Basic Client Profile
• Random Thoughts

Page 39

It’s Not All Rainbows & Unicorns

• SAML’s IDP initiated POST is easily the most successful SSO deployment for the enterprise market
• Some impedance mismatch as Connect doesn’t have straightforward equivalents

Page 40

Tweet Bait

https://twitter.com/cloud_opinion/status/459481058480648193

one picture of a goat

Page 41

I’m Done.