Third-Party Authentication

So, users get an access token when they login to a REST API. But how do we get information about which account the user logged in to? ID tokens to the rescue! And these can also be used to let users login to your application using their account in another application (such as Facebook, Google, etc.).

Lecture material

• third-party-authentication.pdf
• third-party-authentication.pptx

Recommended reading

• List of public OpenID Connect providers
• OpenID Connect explained
• The Specification for OpenID Connect Core 1.0
  • At least 5.1. Standard Claims, but the more you can read and understand, the better.