///

## OpenID Connect { #openid-connect }

OpenID Connect is another specification, based on **OAuth2**.

It just extends OAuth2 specifying some things that are relatively ambiguous in OAuth2, to try to make it more interoperable.

For example, Google login uses OpenID Connect (which underneath uses OAuth2).

But Facebook login doesn't support OpenID Connect. It has its own flavor of OAuth2.

import org.lastaflute.web.login.credential.LoginCredential;

/**
 * OpenID Connect credential implementation.
 */
public class OpenIdConnectCredential implements LoginCredential, FessCredential {

    private final Map<String, Object> attributes;

    /**
     * Creates a new OpenID Connect credential.
     *
     * @param attributes the attributes from OpenID Connect provider
     */

 *       typically implemented by opening a reader using one of the methods in the first category,
 *       doing something and finally closing the reader that was opened.
 * </ul>
 *
 * <p>Several methods in this class, such as {@link #readLines()}, break the contents of the source
 * into lines. Like {@link BufferedReader}, these methods break lines on any of {@code \n}, {@code

 *       typically implemented by opening a reader using one of the methods in the first category,
 *       doing something and finally closing the reader that was opened.
 * </ul>
 *
 * <p>Several methods in this class, such as {@link #readLines()}, break the contents of the source
 * into lines. Like {@link BufferedReader}, these methods break lines on any of {@code \n}, {@code

[Corretto]: https://github.com/corretto/amazon-corretto-crypto-provider
[GraalVM]: https://www.graalvm.org/
[OpenJDK]: https://openjdk.java.net/groups/security/
[OpenJSSE]: https://github.com/openjsse/openjsse
[OpenSSL]: https://www.openssl.org/
[bug5592]: https://github.com/square/okhttp/issues/5592

```sh
openssl ecparam -genkey -name prime256v1 | openssl ec -out private.key
```

A response similar to this one should be displayed:

```
read EC key
writing EC key
```

Alternatively, use the following command to generate a private ECDSA key protected by a password:

```sh
openssl ecparam -genkey -name prime256v1 | openssl ec -aes256 -out private.key -passout pass:PASSWORD
```

    protected static final String OIC_REDIRECT_URL = "oic.redirect.url";

    /** Configuration key for OpenID Connect token server URL. */
    protected static final String OIC_TOKEN_SERVER_URL = "oic.token.server.url";

    /** Configuration key for OpenID Connect client secret. */
    protected static final String OIC_CLIENT_SECRET = "oic.client.secret";

### OpenID (nicht „OpenID Connect“)

Es gab auch eine „OpenID“-Spezifikation. Sie versuchte das Gleiche zu lösen wie **OpenID Connect**, basierte aber nicht auf OAuth2.

Es handelte sich also um ein komplett zusätzliches System.

Heutzutage ist es nicht sehr populär und wird kaum verwendet.

## OpenAPI

        when(fh.acquire()).thenReturn(fh);
        when(fh.isValid()).thenReturn(true);

        // Act
        SmbFileHandleImpl opened = handle.ensureOpen();

        // Assert
        assertSame(fh, opened);
        assertTrue(handle.isOpen(), "Handle should report open after ensureOpen");

///

## OpenID Connect

OpenID Connect es otra especificación, basada en **OAuth2**.

Solo extiende OAuth2 especificando algunas cosas que son relativamente ambiguas en OAuth2, para intentar hacerla más interoperable.

Por ejemplo, el login de Google usa OpenID Connect (que internamente usa OAuth2).

Pero el login de Facebook no soporta OpenID Connect. Tiene su propia versión de OAuth2.