What is OpenID Connect?

OpenID Connect is a simple identity layer on top of the widely used OAuth 2.0 protocol for authorisation. This allows service providers (i.e. applications and web services) to authenticate their end-users based on the authentication performed by an authorisation server.

OpenID Connect allows clients of all types (including web-based services and mobile applications) to obtain user authentication via authenticated sessions and optionally request and receive information about end-users.

OpenID Connect specifies a ‘REST-like’ API. Its implementations require session state to be maintained on the server during the process where the user logs in to the operator Identity Gateway.

What is Mobile Connect?

Mobile Connect is a secure universal log-in solution which matches a user to their mobile device and allows them to log-in securely to applications and websites without the need for remembering usernames and passwords. It uses the OpenID Connect standard as its framework, with the extension of certain parameters to ensure the security aspects of Mobile Connect are met.

The table below shows the differences in the parameters defined by OpenID Connect compared with how they are used in Mobile Connect.

Parameter OpenID Connect Mobile Connect
state Recommended Mandatory
nonce Optional Mandatory
prompt Optional Recommended
max_age Optional Recommended
acr_values Optional Mandatory

Please see here for further details about the parameters in the authentication request.

Why choose OpenID Connect?

OpenID Connect has been adopted by Mobile Connect as the base protocol and framework because of its openness and robustness. OpenID Connect has the following advantages:

  • It works on almost any device that has a web browser with access to the Internet;
  • It is not specific to any operating system;
  • There is a set of specifications that many developers are already familiar with. The specification is not proprietary and is currently publicly available;
  • It is designed to be easy to use, reliable and secure.