Posts

Showing posts from February, 2021

OIDC OpenID Connect - Lightwave

OAuth 2.0 / OpenID Connect in Lightwave

Introduction

Lightwave OIDC serves two main purposes:

1. Security Token Service (STS): it issues security tokens in the form of JWTs (similar to WS-Trust, which issues SAML 2.0 Assertions).
2. Single sign-on (SSO) / single logout (SLO) service for web-based applications (similar to the SAML 2.0 Authentication Request and Single Logout protocols, aka websso).

Implementation (open source)

https://github.com/vmware/lightwave/tree/dev/vmidentity/openidconnect

Roles

- User (Resource Owner)
- User agent (browser)
- Client (aka Relying Party / RP), e.g. lightwaveui
- Authorization Server (aka OpenID Provider / OP)
- Resource Server (a server that wants to implement authorization for its APIs), e.g. admin server

JWT tokens

OAuth 2.0 defines an access_token and a refresh_token but does not specify their format; we use JWT as the format. OpenID Connect additionally defines an id_token and specifies its format as a JWT. Lightwave OIDC issues id_tokens, ac
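The roles and token types above come together when the Client (Relying Party) receives an id_token from the OpenID Provider and has to decide whether to trust it. The following is an added example, not code from Lightwave or from the original post: a minimal JWT issuer playing the OP role and a validator playing the RP role, with the checks a practitioner needs (pinned algorithm, signature, iss, aud, exp/iat, nonce) and two attacker helpers that show what the checks reject. It assumes HS256 with a shared client secret so it runs offline with only the Python standard library; the page does not state which algorithm or key material Lightwave actually signs with. The issuer URL, client id, secret and nonce are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values (not Lightwave's real endpoints or secrets).
ISSUER = "https://lightwave.example.com/openidconnect"
CLIENT_ID = "lightwaveui"
CLIENT_SECRET = b"constructed-shared-secret-for-hs256"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def _hs256(key: bytes, signing_input: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def issue_id_token(subject, nonce, audience=CLIENT_ID, key=CLIENT_SECRET, now=None, lifetime=300):
    """OpenID Provider role: mint an HS256-signed id_token (assumed algorithm)."""
    now = int(time.time()) if now is None else now
    claims = {"iss": ISSUER, "sub": subject, "aud": audience,
              "iat": now, "exp": now + lifetime, "nonce": nonce}
    signing_input = _json_b64({"alg": "HS256", "typ": "JWT"}) + "." + _json_b64(claims)
    return signing_input + "." + _b64url_encode(_hs256(key, signing_input.encode()))


def validate_id_token(token, expected_nonce, key=CLIENT_SECRET, now=None, skew=60):
    """Relying Party role: verify the signature first, then the claims. Raises ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    # Pin the algorithm instead of trusting the header: rejects "none" and alg-swap tricks.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    signing_input = (parts[0] + "." + parts[1]).encode()
    if not hmac.compare_digest(_hs256(key, signing_input), _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]  # aud may be a string or an array
    if CLIENT_ID not in aud:
        raise ValueError("token not issued for this client")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"] + skew:
        raise ValueError("token expired")
    if not isinstance(claims.get("iat"), int) or claims["iat"] > now + skew:
        raise ValueError("token issued in the future")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


def check_id_token(token, expected_nonce, **kw):
    """Same checks as validate_id_token; returns the rejection reason, or None when accepted."""
    try:
        validate_id_token(token, expected_nonce, **kw)
        return None
    except ValueError as err:
        return str(err)


def tamper_claims(token, **changes):
    """Attacker helper: rewrite payload claims but keep the original signature."""
    header, payload, sig = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    claims.update(changes)
    return header + "." + _json_b64(claims) + "." + sig


def forge_alg_none(token, **changes):
    """Attacker helper: re-emit the claims under alg "none" with an empty signature."""
    _, payload, _ = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    claims.update(changes)
    return _json_b64({"alg": "none", "typ": "JWT"}) + "." + _json_b64(claims) + "."


if __name__ == "__main__":
    nonce = "n-0S6_WzA2Mj"  # constructed; the RP generates it per login and binds it to the session
    token = issue_id_token("user@lightwave.example.com", nonce)
    print("valid token:", check_id_token(token, nonce))
    print("tampered sub:", check_id_token(tamper_claims(token, sub="admin"), nonce))
    print("alg none:", check_id_token(forge_alg_none(token, sub="admin"), nonce))
```

The order matters: the signature is checked before any claim is read, the algorithm comes from the verifier's configuration rather than the token header, and the audience check is what stops an id_token minted for a different client (for example a token stolen from another RP) from being accepted by lightwaveui. The nonce is the RP's own replay protection and must be compared against the value it stored when it started the login.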