Intro to OpenID Connect

In the External Authentication Services chapter above we talked about how people can use different external accounts to log in to Rock. But what about the flip side of the coin, where people can use Rock to log in to other external systems?

That's where OpenID Connect (OIDC) comes in. OIDC is an open standard for verifying the identity of an individual in one system based on the authentication performed by another system. Rock ships with an OIDC Server feature that can allow a third-party system to use Rock as an authorization server. That means your members can log in to an external site like Church Online Platform using their Rock username and password.

In the sections below we’ll cover how these features work and what you’ll need to set them up.

Servers and Clients

Before we get too far, it’s important to keep in mind the distinction between server and client.

The server is the system that performs the authentication. The client is the system that relies on the authentication provided by the server to grant access.

For instance, let's say a person is using their Rock username and password to log in to Church Online Platform. In that case, Rock would be the server and Church Online Platform would be the client.