The OpenID Connect module provides a pluggable client implementation for the OpenID Connect protocol.

The server implementation of the protocol is provided by OAuth2 Server.

What is OpenID Connect?

http://openid.net/connect:

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

What does the module do?

The module allows you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created.

Google for instance uses OpenID Connect to authenticate users across all of their services. Check out the OpenID Foundation's announcement of launching OpenID Connect.

Features

For a more detailed description and instructions please refer to the documentation.

Supported login providers

Each login provider needs a client, represented by a ctools plugin, located in plugins/openid_connect_client/.

The module ships with two clients: Google and Generic.

The generic client allows to you specify the endpoints and is used primarily to login to Drupal sites powered by oauth2_server or PHP sites powered by oauth2-server-php.

Fetching user profile information

Basic user profile information stored by the login provider can be fetched upon login.

The OpenID Connect specification defines a set of standard Claims. Requested user profile information can be saved on the client site, mapping can be configured via a UI.

Sign in block

A standard Drupal block is available to sign in with the login providers for which clients are enabled. A single button is shown for each login provider.

Ecosystem

Credits

Development is sponsored by Commerce Guys. Thanks to Bojan Živanović for helping to architect the module.