OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. OpenID Connect is all about authentication. It allows clients to verify end users based on the authentication performed by an authorization server. It is also used to obtain basic profile information about the end user in an interoperable and REST-like manner.
So OpenID Connect allows clients of all types—web-based, mobile, and JavaScript—to request and receive information about authenticated sessions and end users. We know that OAuth 2.0 defines access tokens. Well, OpenID Connect defines a standardized identity token (commonly referred to as ID token). The identity token is sent to the application so the application can validate who the user is. It defines an endpoint to get identity information for that user, such as their name or email address. That's the user info endpoint.
It's built on top of OAuth 2.0, so the flows are the same. It can be used with the authorization code grant and implicit grant. It's not possible with the client credentials grant, as the client credentials grant is for server-to-server communication.
There's no end user involved in the process so there's no end user identity either. Likewise, it doesn't make sense for the resource owner path of usage or process. Now how does that work? Well, instead of only requesting an access token, we'll request an additional ID token from the security token service (STS) that implements the OpenID Connect specification. The client receives an ID token, and usually, also an access token. To get more information for the authenticated user, the client can then send a request to the user info endpoint with the access token; this user info endpoint will then return the claims about the new user.
OpenID supports authorization code flow and implicit flow. It also adds some more additional protocols, which are discovery and dynamic registration.