OAuth 2.0 and OpenID Connect plug-ins

The OAuth 2.0 authorization framework allows resource owners (end users) to delegate limited access rights on HTTP services to third-party applications.

Access privileges are delegated to third-party applications (clients) by issuing them an access token with a specific scope, lifetime and other access attributes. Clients then provide these tokens when accessing the resource as a proof of authorization. Access tokens are issued to clients by the authorization server with the approval of the end user. For further information on the OAuth 2.0 authorization framework, refer to the OAuth 2.0 specification RFC 6749.

OpenID Connect provides information on an end user's identity on top of the OAuth 2.0 protocol. Clients are thereby not only able to access HTTP services on behalf of end users, but they are also able to verify the identity of the end user based on the authentication performed by an authorization server. This is mainly achieved by issuing ID tokens based on the end user authentication at the authorization server. ID tokens contain claims about the authentication of an end user. For further information on OpenID Connect, refer to http://openid.net/specs/openid-connect-core-1_0.html/.

nevisAuth can act as an OAuth2 authorization server, an OpenID Connect provider, and as an OpenID Connect relying party.