Introduction
OpenID Connect (OIDC) is a modern, widely adopted identity protocol that builds on top of OAuth 2.0 to provide a standardized and interoperable authentication layer. It allows Cake to securely delegate identity verification to trusted providers while maintaining tight control over access policies and user identity data.
OIDC is at the heart of Cake’s identity strategy—powering Single Sign-On (SSO), service-to-service authentication, and secure access to platform components. It enables seamless integration with external identity providers (e.g., Google, GitHub, Okta) while maintaining compliance with Kubernetes-native security workflows and industry standards.
Key benefits of adopting OIDC for the Cake platform include:
Standards-Based Authentication: Uses industry-standard protocols to ensure interoperability, security, and future-proofing across internal tools and cloud services.
Delegated Identity Management: Leverages external identity providers to authenticate users, eliminating the need to store or manage user credentials within the platform.
Token-Based Access Control: Issues signed identity tokens (ID tokens) and access tokens that are verifiable and portable across distributed systems and APIs.
Fine-Grained Authorization: Supports scopes, claims, and roles that can be mapped to Kubernetes RBAC, Istio policies, or custom service logic to control access precisely.
Foundation for Federation: Enables seamless integration with federated identity solutions such as Dex, allowing Cake to unify authentication across diverse environments and teams.
In practice, OIDC underpins much of the secure authentication flow within the Cake ecosystem. Whether a developer logs in to the Kubernetes dashboard via Google SSO or an internal service validates an identity token issued by Dex, OIDC ensures that authentication is both secure and standardized.
By standardizing on OIDC, Cake empowers developers with secure, seamless access to the platform—while enforcing robust identity and access controls across the entire infrastructure.