OpenID Connect Core 1.0
Sign-in with Google/Apple/GitHub all use OIDC. If your app authenticates users via a third party, you're using OIDC whether you know it or not.
What It Defines
An identity layer on top of OAuth 2.0. It adds ID tokens (JWTs), a UserInfo endpoint, standard claims (sub, email, name), and a defined authentication flow. Used for login-with-X and SSO.
Canonical (Normative)
Convenient (Practical)
Related References
Canonical home for OpenID Connect specifications: OIDC Core, Discovery, Session Management, Dynamic Registration, and related profiles. Separate from the OAuth IETF work.
Related Specs
The foundation of modern app auth: third-party login, API authorization, SSO, and machine-to-machine access all use OAuth 2.0.
JWTs are the token format for OIDC ID tokens and many OAuth implementations. Understanding the structure and security tradeoffs is essential.
When your app verifies a JWT from an identity provider, it fetches the public key as a JWK from the OIDC discovery endpoint.
SIWE is the Web3 equivalent of Sign-In with Google. Enables dApps to authenticate users via their Ethereum address without a password, using their wallet signature.