Architecture

The Authentication Framework is based on the industry standard OAuth 2.0 and OpenID Connect architecture.

In this architecture, the User is considered to be the Resource Owner (that is, the owner of their own identity, data, and operations). The User is a separate entity from the Client.

The Client (also known as the third-party app) is considered to be the Relying Party, because it relies on an Authorization Server to authenticate the User.

The Authorization Server is an Identity Provider that authenticates the User. The User can instruct the Authorization Server to grant the Client authorized access to resources that the User owns.

Once the User has authorized the Client, the Authorization Server provides an Access Token and an Identity Token to the Client.

The Identity Token conveys authenticated information about the User to the Client. The Client presents the Access Token to the Resource Server to gain access to the User's resources held there.

See the Tokens topic for more details on the Access Token and the Identity Token.

See the OpenID Connect and OAuth 2.0 topic for more details on OpenID Connect and OAuth concepts.