Konubinix' opinionated web of thoughts

You Probably Don't Need OAuth2 / OpenID Connect!

Fleeting

we often see OAuth 2 and OIDC used in the wrong context

https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/

used in the wrong context - which often is the case - it can lead to serious security vulnerabilities.

https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/

that is the catch! These protocols are targeted at third-party integration. Meaning that someone else is trying to access your user’s data. And someone else is trying to authenticate their users using your data.

https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/

first point of decision is exactly this. Are you building a system that interacts with third parties?

https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/

If so, OAuth2 and OpenID Connect are the best-in-class protocols to address your use case!

https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/