
OpenID Connect

Signup and login with a Google, Yahoo, or Microsoft account can be found in more and more web and mobile apps. One login is used for many apps, freeing the end-user from the burden of managing many accounts and passwords. Signup and login to a new app become so smooth and convenient that end-users are much more likely to try a new app.

For us developers of web and mobile apps, these signup and login features are attractive, too: we do not need to manage user credentials, and we get a higher conversion rate resulting in more new customers. In effect, this means cutting costs and increasing the number of new customers for our apps.

So how does this feature “Signup and login with Google, Yahoo, or Microsoft” work? It is realized with OpenID Connect, a standardized protocol for sharing end-user data in a secure and controlled manner. Exploring how OpenID Connect works, so that we as developers can enjoy its benefits, is the subject of this book.

This book explains the overall concept of OpenID Connect, so we understand who the actors are, which endpoints and tokens are involved and how these elements interact in so-called flows. These flows tend to get confusing, so we visualize these flows as sequence diagrams, and show how to choose the flow that is appropriate for a given scenario. Using examples, we explore how the tokens are constructed, signed and encrypted with JWT, JWS, and JWE.

This is not a programming book; don't expect implementations in a specific programming language or library. Instead, we focus on understanding OpenID Connect on a conceptual level, so we can design and architect apps that work with OpenID Connect. And OpenID Connect is the standard behind creating smooth login and signup experiences, increasing the customer signup rate, and creating highly converting apps.

154 pages, Kindle Edition

Published February 2, 2019

27 people are currently reading
115 people want to read

About the author

Matthias Biehl

13 books, 14 followers
Matthias has provided expertise to international and national companies in the areas of API strategy, API architecture, security, software engineering and software integration. At some point, he got a PhD.

Nowadays, he uses his background in technology and software engineering to help companies realize their digital transformation agendas and bring innovative software solutions to the market.

He also loves sharing his knowledge in the classroom, at workshops, and in his books. Matthias is an instructor at the API-University, publishes a blog on APIs, is the author of several books on APIs and regularly speaks at technology conferences.

Ratings & Reviews

Community Reviews

5 stars: 7 (41%)
4 stars: 7 (41%)
3 stars: 1 (5%)
2 stars: 1 (5%)
1 star: 1 (5%)
Displaying 1 - 2 of 2 reviews
Manfred Lange
13 reviews
February 21, 2021
Great Overview of the Topic

The author provides a fast and dry intro to the key concepts, which are presented in a programming-language-neutral way. This makes the material more accessible. Having this overview prepares the reader for diving deeper into OpenID Connect, ideally by writing some code.

The only reason I didn't give five stars: The book is not only fast and dry, in fact its style is bone dry and at times I felt I had to force myself to continue reading. I'm glad, though, I did.
Fermin
25 reviews, 2 followers
June 18, 2022
Easy explanation of OpenID Connect flows. Recommended as a start in the identity domain.