I was looking at the OpenID Connect developer section https://openid.net/developers/certified/. There are multiple sections like:

  • Certified Relying Party Libraries
  • Certified Relying Party Servers and Services
  • Certified OpenID Provider Libraries
  • Certified OpenID Provider Servers and Services
  • Certified OpenID Providers for Logout Profiles

I think I understand the difference between relying party (e.g. client app) and OpenID Provider (Authorization server) but I could not find details on what the above items mean.

Ganesh R.
1 Answer

Most companies focus on coding UIs and APIs - these components are referred to in the jargon as 'relying parties'. It makes complete sense to plug in certified libraries to do the intricate security work.

Most companies do not build an OpenID Provider Server, since it is a job for security experts. Instead it is common to plug in a low cost cloud solution from a provider such as Microsoft / Amazon / Google.

As an example have a look at my SPA and API Tutorial which uses these moving parts:

  • Web UI uses a certified library called OIDC Client
  • Web API uses a certified library called Open Id Client
  • Both interact with a trial / developer version of Okta as the OpenID Provider

Gary Archer
  • I assume OIDC Client and OpenID Client are RP libraries. So what are RP Servers? I assume Okta is an OpenID Provider Server whereas something like IdentityServer4 (https://identityserver.io/) is an OpenID Provider Library – Ganesh R. Jun 03 '20 at 05:35
  • The most common RP server role is an API Gateway, which you can use to host your APIs, and which may do some of the OAuth work for you. E.g. AWS API Gateway has features to cache claims for your APIs. – Gary Archer Jun 03 '20 at 07:12