--- title: What is OpenID Connect description: The OpenID Connect protocol extends the OAuth 2.0 protocol to add an authentication and identity layer for application developers. Where OAuth 2.0 provides the application developer with security tokens to be able to call back-end resources on behalf of an end-user; OpenID Connect provides the application with information about the end-user, the context of their authentication, and access to their profile information. component: developer-resources page_id: developer-resources:openid_connect_developer_guide:what-is-openid-connect canonical_url: https://docs.pingidentity.com/developer-resources/openid_connect_developer_guide/what-is-openid-connect.html revdate: September 30, 2020 section_ids: application-developer-considerations: Application Developer Considerations --- # What is OpenID Connect The OpenID Connect protocol extends the OAuth 2.0 protocol to add an authentication and identity layer for application developers. Where OAuth 2.0 provides the application developer with security tokens to be able to call back-end resources on behalf of an end-user; OpenID Connect provides the application with information about the end-user, the context of their authentication, and access to their profile information. Two new concepts are introduced on top of the OAuth 2.0 authorization framework: * an OpenID Connect "ID token" which contains information around the user's authenticated session and * a UserInfo endpoint which provides a means for the client to retrieve additional attributes about the user OpenID Connect uses the same actors and processes as OAuth 2.0 to get the ID token, and protects the UserInfo endpoint with the OAuth 2.0 framework. ## Application Developer Considerations There are three main actions an application developer needs to handle to implement OpenID Connect: 1. Get an OpenID Connect id\_token By leveraging an OAuth2 grant type, an application will request an OpenID Connect id\_token by including the "openid" scope in the authorization request. 2. Validate the id\_token Validate the id\_token to ensure it originated from a trusted issuer and that the contents have not been tampered with during transit. 3. Retrieve profile information from the UserInfo endpoint Using the OAuth2 access token, access the UserInfo endpoint to retrieve profile information about the authenticated user.