Online demo of our OpenID Connect client and server

Today we put up an online demo of the Connect2ID server along with a generic OpenID Connect client. With that we wish to show the capabilities of the new internet standard for single sign-on (SSO) based on the successful OAuth 2.0 framework. OpenID Connect is designed to sign users onto web as well as native apps and also provides a standard extensible schema for provisioning user details (called UserInfo) such as email, name and contact information to client applications.

The OpenID Connect 1.0 specification is expected to become final in spring of 2014. Around the same time we prepare to release our Connect2ID server for business customers.

openid-connect-login

You can test the OpenID Connect login by going to https://demo.c2id.com/oidc-client.

connect2id-auth

Just click on “Login with OpenID Connect” and when you’re redirected to the IdP server enter “alice” + “secret” as credentials.

connect2id-consent

The consent screen will display which scope and claim values are requested, also the remembered values which the user (can also be implicitly) has previously agreed to. The login page logic is built entirely in JavaScript, so its interaction with the Connect2ID server integration APIs can be examined by testers and developers. A production login page will of course have this logic in the backend and can have a different UI design for obtaining the user’s credentials and consent. The server API also enables integration of arbitrary authentication factors, such as hardware tokens or biometrics.

connect2id-result

Upon returning to the OpenID Connect client you should see the process of decoding the authentication response, making the token request, verifying the ID token and extracting its content, and finally the UserInfo request being made. The client was built with our open source OAuth 2.0 SDK with OpenID Connect extensions.

The demo Connect2ID server is set to remember user sessions for 15 minutes, so if you come back to it within that time you will be redirected straight to the consent form.

The OpenID Connect client has also two other tabs – “Provider details” and “Client details” where you can configure it to speak to another public OpenID Connect server (IdP). We intend to add more OpenID Connect request options to the client UI in future.