Solution Overview

OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of "making simple things simple and complicated things possible." Compared to any preceding identity protocol, it is uniquely easy for developers to integrate.

OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files. For the app builder, it provides a secure, verifiable answer to the question: "What is the identity of the person currently using the browser or native app that is connected to me?"

In this lab, we'll demonstrate how NGINX Controller API Management Module and NGINX App Protect can secure the OAuth Authorization Code flow, which is core to Open Banking specifications. The deployment and configuration of these elements will be performed automatically through a CI/CD pipeline.

OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management, when it makes sense for them.

Lab Diagram