There are three main actions an application developer needs to handle to implement OpenID Connect:

  1. Get an OpenID Connect id_token. By leveraging an OAuth2 grant type, an application will request an OpenID Connect id_token by including the "openid" scope in the authorization request.
  2. Validate the id_token. Validate the id_token to ensure it originated from a trusted issuer and that the contents have not been tampered with during transit.
  3. Retrieve profile information from the UserInfo endpoint. Using the OAuth2 access token, access the UserInfo endpoint to retrieve profile information about the authenticated user.