Vault Vision officially gained certifications for OP Basic of the OpenID Connect spec early in 2022. With these certifications we are thrilled to join the ranks of industry leaders such as Google, Microsoft, PayPal, and others who are embracing standards based authentication.
OpenID Connect, as a layer on top of the Vault Vision authorization protocol, allows for decentralized authentication and improves user access to websites and apps.
Getting certified means ensuring that our implementation of the protocol meets the official specifications as outlined by OpenID.
OpenID is a cornerstone of the modern, open web, and we are proud that our implementation has the official stamp of approval. In this article we share what OpenID Connect is and why it matters a lot.
What Is OpenID Connect?
OpenID Connect is an open identity standard. It acts as an authentication layer on top of the Vault Vision authorization standard, thus granting you access.
A user gets an OpenID account through an OpenID identity provider (like Vault Vision.)
The user uses that account to sign into any site that accepts OpenID authentication, such as YouTube (the relying party) for example. This open-source framework, provided by the OpenID standard, lets the user, relying party, and the identity provider just work together.
This makes it easy to sign-in to a new website without creating a new username or password each time. Instead you use the URL you’ve created for a service that you already use. You only need to sign up once and use that login across various applications. Woot woot!
On a website, it might look something like this:
A user is already logged into Microsoft or Google ( the identity provider) with a set of credentials. This set of credentials can then be used to log into another website or application, a relying party. This site or app will ask the user “Sign up with Microsoft or Google?“
When a user clicks on Google or Microsoft, they’re authorizing that identity provider to back up their claim. Then the user is redirected to the website or application.
This use of linked identities means you only have to manage a single username and password for websites.
With OpenID, users don’t need traditional authentication tokens like a username and password. All they need is to be registered on a site with an OpenID identity provider. It’s decentralized; any website can use OpenID as a way to log users in.
Why is OpenID Connect Important?
Before OpenID, developers built site-specific networks with their own signup and login systems. The idea that you could select your own identity provider for logging into a website and a common standard that would connect all these systems did not exist.
Think of OpenID as your passport for the entire internet.
Websites that use OpenID won’t ask for your information constantly, making it faster and easier to sign up. Plus, you can associate information with your OpenID such as your name and email address, and decide how much websites get to know about you. So, websites that use OpenID won’t bug you for the same information every single time you sign up. Freedom and extra security in one foul swoop!
Why Should an Identity Provider Get an OpenID Certification?
Certification ensures credibility. In your own testing, you can pick and choose what aspects of your OpenID implementation you want to test. Certification involves meeting a set of minimum criteria that are standard across the board; your results and the process you used to get there, are open for public oversight. You will be able to prove that your OpenID implementation is compatible or conformant with the official specs — not just for your customers and potential customers, but for yourself.
Secure Applications with an Identity Provider, like Vault Vision
Whomever you choose for your authentication needs or if you choose to build an auth platform from scratch, be sure the work is OIDC Certified and OpenID Connect Spec Compliant.
And if you are considering hiring an expert identity provider, Vault Vision is here to help you! Vault Vision gives you modern and affordable authentication, while you can stay focused on building the special features of your product and serving your client’s needs.
And when we say we are ‘developer friendly’, we mean it by offering direct dev to dev real-time support channels and access to authentication experts 24/7 to help get started confidently, quickly, and securely. Schedule a demo or contact us today!
Read more about Vault Vision’s OpenID Connect Certification.