1 00:00:00,210 --> 00:00:06,810 Before we go ahead and implement OAuth2 authorization and authentication framework inside our Easy Bank 2 00:00:06,810 --> 00:00:11,790 web application, let's try to spend a few minutes on what is OpenID Connect. 3 00:00:12,060 --> 00:00:16,320 So you might be hearing a lot about OpenID Connect from your colleagues, 4 00:00:16,320 --> 00:00:22,740 friends, or any blogs that you might be reading and wondering what is OpenID Connect and how it 5 00:00:22,740 --> 00:00:24,840 is related to OAuth2 framework. 6 00:00:24,960 --> 00:00:26,830 So both OAuth2 and OpenID Connect, 7 00:00:27,390 --> 00:00:30,750 they are very similar with a minor difference. 8 00:00:31,020 --> 00:00:39,870 The difference is OpenID Connect is built on top of OAuth2 framework to provide identity details of the 9 00:00:39,870 --> 00:00:48,150 user for whom we are issuing an access token. Like without OpenID Connect, long back when OAuth2 framework 10 00:00:48,150 --> 00:00:49,890 is introduced in the industry, 11 00:00:50,100 --> 00:00:56,640 many organizations, they started implementing it, and the main purpose of OAuth2 framework is only to 12 00:00:56,640 --> 00:01:02,220 implement authorization based upon access management and role management. 13 00:01:02,370 --> 00:01:11,130 And since there is no standard way of sharing identity details of the user, every auth server implementation, 14 00:01:11,130 --> 00:01:16,470 they used to have their own way of sharing the identity details of that user. 15 00:01:16,740 --> 00:01:24,780 So to address those challenges related to non-standard ways of sharing identity details between auth server 16 00:01:24,780 --> 00:01:30,570 and client applications, a new protocol is built on top of OAuth2 framework. 17 00:01:30,720 --> 00:01:39,540 So OpenID Connect provides authentication by introducing a new ID token, which contains user details 18 00:01:39,750 --> 00:01:44,190 with the new set of scopes and claims specifically related to identity. 
19 00:01:44,310 --> 00:01:51,540 So just like how OAuth2 framework is giving access token, if you incorporate any authentication server 20 00:01:51,540 --> 00:01:54,300 which is leveraging OpenID Connect, 21 00:01:54,570 --> 00:01:57,060 it will give you two types of tokens. 22 00:01:57,090 --> 00:02:03,600 One is an access token, which is from the OAuth2, and the other one is an ID token, which is from 23 00:02:03,600 --> 00:02:04,920 the OpenID Connect. 24 00:02:05,160 --> 00:02:12,300 And this ID token will have identity details of the user like his email, like his profile details. 25 00:02:12,450 --> 00:02:17,100 So all those details are standardized and kept inside the ID token. 26 00:02:17,280 --> 00:02:23,160 So if you can see the diagram here, first, OAuth2 framework is built on top of HTTP protocol. 27 00:02:23,430 --> 00:02:28,050 And the main intention of the OAuth2 framework is to provide authorization of the user. 28 00:02:28,320 --> 00:02:32,160 Like it will give you an access token. Based upon the access token, 29 00:02:32,460 --> 00:02:38,980 it will identify whether a given user can access a particular resource or not. 30 00:02:39,000 --> 00:02:45,930 But the limitation that we have with OAuth2 framework is where there is no standardized way of knowing 31 00:02:46,140 --> 00:02:48,390 to whom that access token belongs. 32 00:02:48,540 --> 00:02:51,330 That problem is solved by OpenID Connect. 33 00:02:51,450 --> 00:02:54,900 So on top of OAuth2, we also have OpenID Connect built. 34 00:02:55,080 --> 00:03:02,850 And that will focus on authentication, which will share the ID token that contains all the details 35 00:03:02,850 --> 00:03:06,810 of the identity of the user who is trying to get an access token. 36 00:03:06,930 --> 00:03:09,390 So now we know what is OpenID Connect. 
37 00:03:10,630 --> 00:03:16,240 Let's try to understand why OpenID Connect is very important. Since many of the organizations, they 38 00:03:16,240 --> 00:03:22,330 started incorporating OAuth2 framework, and many of the applications, they're trying to interact 39 00:03:22,330 --> 00:03:26,560 with each other by leveraging access token provided by the authorization. 40 00:03:26,570 --> 00:03:32,530 So there is a need to know to whom this access token belongs. 41 00:03:32,680 --> 00:03:35,620 So that's where identity came into picture. 42 00:03:35,620 --> 00:03:38,350 And identity is the key to any application. 43 00:03:38,500 --> 00:03:45,940 So with this identity putting inside OAuth2 framework, along with the access token, a new paradigm 44 00:03:45,940 --> 00:03:54,370 came into picture, which is IAM, Identity and Access Management strategy. Like we know, OpenID handles 45 00:03:54,370 --> 00:04:01,720 with identity and authentication, and authorization is handled with the access management using roles and 46 00:04:01,720 --> 00:04:02,500 authorities. 47 00:04:02,740 --> 00:04:08,800 If you club both of them, you will get a new strategy, which is Identity and Access Management. 48 00:04:08,890 --> 00:04:14,320 So long back, many of the big organizations, they already moved to that OpenID Connect. 49 00:04:14,560 --> 00:04:22,180 And even if you go and leverage any products that are available, like Okta, Keycloak, they have leveraged 50 00:04:22,180 --> 00:04:23,190 already OpenID. 51 00:04:23,540 --> 00:04:26,740 That's why we're discussing about OpenID Connect now. 52 00:04:26,920 --> 00:04:30,040 So don't confuse between OpenID and OAuth2. 53 00:04:30,250 --> 00:04:38,110 OAuth2 framework will help you with an access token. If your organization doesn't need any identity details 54 00:04:38,110 --> 00:04:39,490 in a standardized way, 55 00:04:39,760 --> 00:04:44,050 then you can go and happily live with OAuth2 framework. 
56 00:04:44,350 --> 00:04:51,870 But if there is a need to know the identity of the user, then definitely go ahead and implement OpenID 57 00:04:51,880 --> 00:04:55,090 Connect based authentication and authorization framework. 58 00:04:55,270 --> 00:05:00,100 So whenever I can start to OpenID Connect, I also get OAuth2 framework. 59 00:05:00,250 --> 00:05:04,780 The reason is OpenID Connect is built on top of OAuth2 framework. 60 00:05:04,870 --> 00:05:06,220 So it is very simple. 61 00:05:06,250 --> 00:05:08,400 OpenID Connect will have two tokens. 62 00:05:08,440 --> 00:05:12,010 One is access token and the other one is identity token. 63 00:05:12,280 --> 00:05:17,860 Whereas if you implement only OAuth2 framework, you will get only access token. 64 00:05:18,040 --> 00:05:23,760 So if you really ask me what is present inside ID token, it will have user details like your email 65 00:05:23,800 --> 00:05:25,210 address, his first name. 66 00:05:25,420 --> 00:05:34,390 All those details can be incorporated inside ID token, and OpenID Connect uses JWT standard in order 67 00:05:34,390 --> 00:05:36,310 to generate an ID token. 68 00:05:36,640 --> 00:05:43,300 And at the same time, when you incorporate OpenID Connect, it will have a dedicated standardised 69 00:05:43,450 --> 00:05:51,490 API endpoint URL with the name /userinfo, which can be invoked by client applications if they 70 00:05:51,490 --> 00:05:54,010 want to know more about user details. 71 00:05:54,220 --> 00:06:00,040 So this way OpenID Connect brings more transparency into authentication and authorization. 72 00:06:00,310 --> 00:06:01,150 So don't worry. 73 00:06:01,330 --> 00:06:05,180 We are going to discuss this in practical using Keycloak also. 74 00:06:05,560 --> 00:06:09,490 And during that time, it will make more sense to you. For now, 
75 00:06:09,610 --> 00:06:18,040 please remember that OpenID is built on top of OAuth2 framework and it provides ID token along with 76 00:06:18,040 --> 00:06:20,680 the access token. With OpenID Connect, 77 00:06:20,920 --> 00:06:25,360 we are moving to a new strategy called Identity and Access Management. 78 00:06:25,570 --> 00:06:26,080 Thank you. 79 00:06:26,080 --> 00:06:27,670 And I'll see you in the next lecture. 80 00:06:27,840 --> 00:06:28,120 Bye.