Konubinix' opinionated web of thoughts

OIDC vs OAuth2

fleeting

User Management Encounter: OIDC vs OAuth2 | Frontegg

OpenID Connect, commonly known as OpenID, is a specification for Single Sign-On (SSO) and authentication purposes

https://frontegg.com/blog/oidc-vs-oauth2

Open Authorization (OAuth) is an open standard authorization framework used for token-based authorization that is highly popular across the globe. 

https://frontegg.com/blog/oidc-vs-oauth2

OAuth stands for Open Authorization.  It’s used for delegated authorization to delegate the responsibilities of user authorization to some other service rather than managing them on its own

https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

Authentication is who you are while authorization is what you can do. 

https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

Authorization depends on authentication but they are not interchangeable

https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

identity layer on top of OAuth2.0. The two fundamental security concerns, authentication and API access, are combined into a single protocol called OpenID Connect.

https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

give you an access token plus an id token.

https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

OAuth 2.0 is a set of defined process flows for “delegated authorization”.

https://hackernoon.com/demystifying-oauth-2-0-and-openid-connect-and-saml-12aa4cf9fdba

OpenId Connect is a set of defined process flows for “federated authentication”.

https://hackernoon.com/demystifying-oauth-2-0-and-openid-connect-and-saml-12aa4cf9fdba

authentication vs authorization

When you check in to a hotel, you present to the reception with your driving license or passport. This establishes who you are i.e. your identity. Then hotel receptionist issue you a key card that encoded with what you have access to, which will include your room access, it might also include the gym or swimming pool access too. That is your authorization. The best part is that your personal and billing information never leaves the front desk. This is OAuth.

https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

time text
https://www.youtube.com/watch?v=IXWtx_0Fc00&t=352.8s authentication
https://www.youtube.com/watch?v=IXWtx_0Fc00&t=354.24s informs authorization and authorization
https://www.youtube.com/watch?v=IXWtx_0Fc00&t=356.96s makes the decisions not not not the
https://www.youtube.com/watch?v=IXWtx_0Fc00&t=359.68s authentication

https://www.youtube.com/watch?v=IXWtx_0Fc00

Notes linking here