Home
OpenID Implementation
This document contains technical information for publishers and integrators about OpenID Connect (OIDC) protocol.
Back Channels APIs
Logout and LogoutToken Parameters
When a user logs out from CONNECT, it triggers the Logout Endpoint for all applications the user logged in during a given session.

OpenID Implementation
This document contains technical information for publishers and integrators about OpenID Connect (OIDC) protocol.
- Overview of CONNECT
  CONNECT is an Identity Management as a Service (IDaaS) platform created and managed by Wiley Partner Solutions that enables publishers to securely sign in users to their applications, using the OpenID Connect (OIDC) protocol.
- Overview of OpenID CONNECT
  The OpenID Connect (OIDC) protocol is an extension of OAuth 2.0 for use as an authentication protocol.
- Client Application Configuration
  A client application represents an application (typically a web application) of a publisher that provides services to authenticated users. Each application always belongs to one CONNECT tenant (customer). Each customer can have multiple applications.
- Metadata Document
  The OpenID Connect service is a metadata document that contains most of the information required for a client application to perform the authorization flow. This includes information such as the URLs to use and the location of the service's public signing keys.
- The Authorization Request
  When a web application needs to authenticate a user, it must direct the browser to the URL of the authorization_endpoint, specified in the application metadata. This request is also referred to as the authorization request.
- The id_token
  The id_token can be provided either in JSON format or as a signed JWT (configurable on the CONNECT side according to the client application requirements) and includes basic user profile data that allows the authentication of a user on the client application.
- Automatic Login
  The user authentication status on CONNECT can be checked by an application by issuing a "silent" authorization request.
- Retrieving User Data
  Some applications not only need to sign the user in, but also access a web service on behalf of that user using OAuth. An example of this is a service that provides additional user data than those included in the id_token.
- Scopes
- Logout
- Back Channels APIs
  - Logout and LogoutToken Parameters
    When a user logs out from CONNECT, it triggers the Logout Endpoint for all applications the user logged in during a given session.

Logout and LogoutToken Parameters

When a user logs out from CONNECT, it triggers the Logout Endpoint for all applications the user logged in during a given session.

This request includes a single parameter, the logoutToken, which is a signed JWT containing the following additional parameters:

Parameter Name	Description
lss	The issuer of the token. In this case it is the URL of CONNECT.
sub	The unique user ID.
aud	The client_id of the application.
iat	Timestamp
jti	The JWT unique ID.
sid	The ID of the session that is being terminated.