OIDC vs OAuth2

Fleeting

• External reference: https://hackernoon.com/demystifying-oauth-2-0-and-openid-connect-and-saml-12aa4cf9fdba
• External reference: https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/
• External reference: https://frontegg.com/blog/oidc-vs-oauth2

User Management Encounter: OIDC vs OAuth2 | Frontegg

OpenID Connect, commonly known as OpenID, is a specification for Single Sign-On (SSO) and authentication purposes

— https://frontegg.com/blog/oidc-vs-oauth2

Open Authorization (OAuth) is an open standard authorization framework used for token-based authorization that is highly popular across the globe.

— https://frontegg.com/blog/oidc-vs-oauth2

OAuth stands for Open Authorization.  It’s used for delegated authorization to delegate the responsibilities of user authorization to some other service rather than managing them on its own

— https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

— https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

— https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

Authentication is who you are while authorization is what you can do.

— https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

Authorization depends on authentication but they are not interchangeable

— https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

identity layer on top of OAuth2.0. The two fundamental security concerns, authentication and API access, are combined into a single protocol called OpenID Connect.

— https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

give you an access token plus an id token.

— https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

OAuth 2.0 is a set of defined process flows for “delegated authorization”.

— https://hackernoon.com/demystifying-oauth-2-0-and-openid-connect-and-saml-12aa4cf9fdba

OpenId Connect is a set of defined process flows for “federated authentication”.

— https://hackernoon.com/demystifying-oauth-2-0-and-openid-connect-and-saml-12aa4cf9fdba

authentication vs authorization

When you check in to a hotel, you present to the reception with your driving license or passport. This establishes who you are i.e. your identity. Then hotel receptionist issue you a key card that encoded with what you have access to, which will include your room access, it might also include the gym or swimming pool access too. That is your authorization. The best part is that your personal and billing information never leaves the front desk. This is OAuth.

— https://www.c-sharpcorner.com/article/oauth2-0-and-openid-connect-oidc-core-concepts-what-why-how/

time	text
https://youtu.be/IXWtx_0Fc00&t=352.8s	authentication
https://youtu.be/IXWtx_0Fc00&t=354.24s	informs authorization and authorization
https://youtu.be/IXWtx_0Fc00&t=356.96s	makes the decisions not not not the
https://youtu.be/IXWtx_0Fc00&t=359.68s	authentication

—

Notes linking here

• authentication vs identification vs authorization
• Authentication with OAuth 2.0
• claims-based identity
• night club analogy
• using id token as access token?
• zero trust

Permalink