> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Describes how to use OpenID Connect protocol with Auth0.

# OpenID Connect Protocol

## What is OpenID Connect (OIDC)?

<Tooltip tip="OpenID: Open standard for authentication that allows applications to verify users' identities without collecting and storing login information." cta="View Glossary" href="/docs/glossary?term=OpenID">OpenID</Tooltip> Connect (OIDC) is an identity layer built on top of the <Tooltip tip="OpenID: Open standard for authentication that allows applications to verify users' identities without collecting and storing login information." cta="View Glossary" href="/docs/glossary?term=OAuth+2.0">OAuth 2.0</Tooltip> framework. It allows third-party applications to verify the identity of the end-user and to obtain basic user profile information. OIDC uses <Tooltip tip="JSON Web Token (JWT): Standard ID Token format (and often Access Token format) used to represent claims securely between two parties." cta="View Glossary" href="/docs/glossary?term=JSON+web+tokens">JSON web tokens</Tooltip> (JWTs), which you can obtain using flows conforming to the OAuth 2.0 specifications. See our [OIDC Handbook](https://auth0.com/resources/ebooks/the-openid-connect-handbook) for more details.

## OpenID vs. OAuth2

While OAuth 2.0 is about resource access and sharing, OIDC is about user authentication. Its purpose is to give you one login for multiple sites. Each time you need to log in to a website using OIDC, you are redirected to your OpenID site where you log in, and then taken back to the website. For example, if you chose to sign in to Auth0 using your Google account then you used OIDC. Once you successfully authenticate with Google and authorize Auth0 to access your information, Google sends information back to Auth0 about the user and the authentication performed. This information is returned in a JWT. You'll receive an <Tooltip tip="Access Token: Authorization credential, in the form of an opaque string or JWT, used to access an API." cta="View Glossary" href="/docs/glossary?term=access+token">access token</Tooltip> and if requested, an <Tooltip tip="Access Token: Authorization credential, in the form of an opaque string or JWT, used to access an API." cta="View Glossary" href="/docs/glossary?term=ID+token">ID token</Tooltip>.

## OpenID and JWTs

JWTs contain [claims](/docs/secure/tokens/json-web-tokens/json-web-token-claims), which are statements (such as name or email address) about an entity (typically, the user) and additional metadata. The [OpenID Connect specification](https://openid.net/specs/openid-connect-core-1_0.html) defines a set of [standard claims](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims). The set of standard claims include name, email, gender, birth date, and so on. However, if you want to capture information about a user and there currently isn't a standard claim that best reflects this piece of information, you can create custom claims and add them to your tokens.

## Configure applications with OIDC and OAuth2

You can automatically [configure your applications with OIDC discovery](/docs/get-started/applications/configure-applications-with-oidc-discovery).

## Learn more

* [Configure Applications with OIDC Discovery](/docs/get-started/applications/configure-applications-with-oidc-discovery)
* [Force Reauthentication in OIDC](/docs/authenticate/login/max-age-reauthentication)
* [Applications in Auth0](/docs/get-started/applications)
* [Single Sign-On](/docs/authenticate/single-sign-on)
* [User Profiles](/docs/manage-users/user-accounts/user-profiles)