📄️ Overview
OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol. While OAuth 2.0 is primarily concerned with authorization — granting third-party applications access to resources — OpenID Connect adds authentication, enabling clients to verify the identity of users. It allows for single sign-on (SSO) functionality, where a user can log in once and use their authenticated identity across multiple services or applications.
📄️ ID Tokens
In the context of OpenID Connect (OIDC), an ID token is a JSON Web Token (JWT) that carries claims about the authenticated user, or subject. ID tokens are central to OIDC's purpose of enabling authentication. When a client uses OpenID Connect to authenticate a user, the OpenID provider (such as Stalwart Mail Server when configured as an OIDC server) issues a signed ID token to the client, asserting the identity of the user who has logged in. A client must verify that signature and check the standard claims (issuer, audience, expiry and, when it sent one, the nonce) before treating the token as proof of identity; an unverified ID token is just a base64-encoded JSON document anyone can forge.
📄️ OIDC Provider
Stalwart Mail Server ships with the OpenID Connect (OIDC) provider feature enabled by default. This means that clients and applications can authenticate users and obtain ID tokens through the server, which acts as the identity provider. The OIDC provider in Stalwart follows the OpenID Connect standards and supports a range of cryptographic signing algorithms, so that clients can verify the integrity and authenticity of the ID tokens it issues.
📄️ Endpoints
Stalwart Mail Server supports various OpenID Connect (OIDC) endpoints that allow clients and applications to interact with the server for authentication and identity information. Below is a brief description of the key OIDC endpoints available in Stalwart.