
OpenIDConnect Certified Relying Party Servers vs Certified OpenID Provider Servers


I was looking at the OpenIDConnect developer section https://openid.net/developers/certified/. There are multiple sections like:

  • Certified Relying Party Libraries
  • Certified Relying Party Servers and Services
  • Certified OpenID Provider Libraries
  • Certified OpenID Provider Servers and Services
  • Certified OpenID Providers for Logout Profiles

I think I understand the difference between a relying party (e.g. client app) and an OpenID Provider (Authorization server), but I could not find details on what the above items mean.


Solution

  • Most companies focus on coding UIs and APIs - these components are referred to in the jargon as 'relying parties'. It makes complete sense to plug in certified libraries to do the intricate security work.

    Most companies do not build an OpenID Provider Server, since it is a job for security experts. Instead it is common to plug in a low cost cloud solution from a provider such as Microsoft / Amazon / Google.

    As an example, have a look at my SPA and API Tutorial, which uses these moving parts:

    • Web UI uses a certified library called OIDC Client
    • Web API uses a certified library called Open Id Client
    • Both interact with a trial / developer version of Okta as the OpenID Provider