02-28, 11:30–12:00 (UTC), Kaldalón
ID-porten, Norway’s national IDP, uses OAuth2.1/OIDC as the integration protocol between micro services and frontends. Our OIDC profile helped us create a flexible, robust and secure system running 24/7 for 2000 public services and 4,7 million users.
The Norwegian Digitalization Agency runs the OpenID Provider "ID-porten" for 2000+ clients, 4.7 million users and 300 million unique logins each year. Building on what we've learned from visiting OSW conferences, reading specifications and previous experiences with how hard it is to implement an OpenID Connect server from scratch, we have rewritten our system to microservices using OAuth2.1 and OpenID Connect as the integration protocol. The new system can change the login experience by adding or removing individual OIDC servers.
We want to share how the specifications have guided our new architecture, extensions we have made, and problems we are facing.
Developer and solution architect on the ID-porten team. She’s a consultant from JPro, has a M.Sc. in Engineering Cybernetics from NTNU and has worked in the IT-industry for 25 years. She’s been implementing security solutions in the private and public sector in Norway using OAuth and OpenId Connect for over a decade.
Thomas Reppesgård has been a developer for 25 years. The last 12 years with OAuth2, OIDC and SAML2-based identity providers in the Norwegian Digitalization Agency. He has a masters degree (Cand. Philol.) in Computational Linguistics, Mathematical Logic and Programming from the University of Oslo, Norway.