Explore a comprehensive analysis of OpenID Connect security vulnerabilities and their solutions in this conference talk from AppSecEU 2016. Delve into the differences between OAuth and OpenID Connect, understanding the three-party system and dynamic solutions involved. Examine various attack vectors, including single-phase attacks, replay attacks, and IDP confusion attacks, along with their corresponding countermeasures. Learn about malicious endpoint attacks and out-of-service scenarios through practical demonstrations. Gain insights from security experts as they discuss current states of OpenID Connect implementation and provide a summary of key findings to enhance your understanding of this authentication protocol's security landscape.