OAuth and OpenID Connect - Know the Difference

  • Published on 16 Oct 2023
  • At a high level, this short video discusses when an application should use OAuth 2.x and when it should use OpenID Connect. The video discusses the use cases for both by giving a specific example of an application and a few good diagrams. It discusses the use of Google and Facebook Authorization Servers in these scenarios.
    Check out my other links below for discounted popular courses (12.99$ or best local price)
    My Website : www.mudraservices.com/
    OAuth & OpenID Connect : www.mudraservices.com/udemyco...
    Advanced OpenID Connect : www.mudraservices.com/udemyco...
    SAML : www.mudraservices.com/udemyco...
    My Blog : / viraj_63415
  • Science & Technology

Comments • 13

  • @viraj_shetty 7 months ago

    Hi All - Use link below for my popular courses on Authentication
    www.mudraservices.com/udemycoupon.html?course=oauth
    www.mudraservices.com/udemycoupon.html?course=advo
    www.mudraservices.com/udemycoupon.html?course=saml
    For more of my courses, check out - www.mudraservices.com

  • @oolly2009 9 months ago +2

    Thank you. It really helped my understanding of OAuth & OIDC.

    • @viraj_shetty 9 months ago +1

      Glad it was helpful!

  • @jamilxt 7 months ago +1

    Thank you.

    • @viraj_shetty 7 months ago +1

      You're welcome!

  • @AbhishekKumar-ub8co months ago +1

    I am a bit confused with your explanation here. Considering the example where the user is using Apple credentials to log in to LMS but at the same time it wants to publish on its LinkedIn app. Would he not be again presented with the login page of the LinkedIn app and hence it should also be the case of OpenID Connect and not OAuth alone?

    • @viraj_shetty months ago

      You touched on the critical difference between OIDC and OAuth. The user will have to log into LinkedIn App but that would not be OIDC. The intent of the LinkedIn credentials screen is NOT to log into LMS but just to get an access token to call the LinkedIn API. No "openid" scope is required here. So LinkedIn interaction is pure OAuth.
      The Apple credentials screen is explicitly to log into the LMS. It’s pure OIDC because "openid" scope is required to get user info. LMS will not call any of the Apple APIs.

    • @AbhishekKumar-ub8co months ago

      @viraj_shetty Thanks for your response. Yeah, the explanation was present in the later section of the video. I believe the key differentiating factor here is the intent of LMS: if it uses user-info then that use-case qualifies under OIDC, otherwise just having an access token to call underlying APIs would qualify for OAuth.
      Please let me know if my understanding is correct. Looking forward to taking up your Udemy course.

    • @viraj_shetty months ago

      Correct. That's the key where you need the user information.
      My two courses (especially the Advanced OpenID Connect) give elaborate examples on the differences and how to do it in Spring Boot.
      For example, an Application can allow a user to log in using OIDC but could interact with multiple other Auth servers using OAuth - all in the same user session.

    • @AbhishekKumar-ub8co months ago

      @viraj_shetty Will surely look forward to it.
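
The distinction discussed in the replies above, as an added example that is not from the video or its author: the login leg requests the `openid` scope and the application authenticates the user only from validated ID token claims, while the API leg is plain OAuth and its access token is never treated as proof of login. The endpoints, client id, the `post.write` scope and the `id_token_claims` key are constructed placeholders, and signature verification of the ID token is assumed to have been done already by a JOSE library.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

def authorization_url(endpoint, client_id, redirect_uri, scopes, login=False):
    """Build an authorization-code request; login=True makes it an OIDC request."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": secrets.token_urlsafe(16)}
    if login:
        scopes = ["openid"] + [s for s in scopes if s != "openid"]
        params["nonce"] = secrets.token_urlsafe(16)  # binds the ID token to this request
    params["scope"] = " ".join(scopes)
    return f"{endpoint}?{urlencode(params)}"

def is_oidc_request(url):
    """A request is OIDC only if 'openid' is among the requested scopes."""
    scope = parse_qs(urlparse(url).query).get("scope", [""])[0]
    return "openid" in scope.split()

def check_id_token_claims(claims, issuer, client_id, nonce, now=None):
    """Return the names of failed claim checks (empty list means acceptable).
    Assumes the token signature was already verified elsewhere."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    checks = {
        "iss": claims.get("iss") == issuer,      # issued by the expected server
        "aud": client_id in aud,                 # issued for this application
        "exp": claims.get("exp", 0) > now,       # not expired
        "nonce": claims.get("nonce") == nonce,   # answers this login request
        "sub": bool(claims.get("sub")),          # identifies a user
    }
    return [name for name, ok in checks.items() if not ok]

def session_user(url, token_response, **expected):
    """Return the subject to log in, or None when the leg is pure OAuth."""
    if not is_oidc_request(url):
        # Pure OAuth: the access token is only for calling the API,
        # it says nothing reliable about who is logged in to this app.
        return None
    claims = token_response.get("id_token_claims")
    if claims is None or check_id_token_claims(claims, **expected):
        raise ValueError("login rejected: missing or invalid ID token")
    return claims["sub"]
```
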

  • @drakezen 23 days ago

    Is this what you would call a 'federated' identity authorization system?

    • @viraj_shetty 23 days ago

      Federated Identity simply means that the same set of credentials is used to authenticate to many applications. In Enterprise apps, the credentials are stored in AD, for example. Auth servers would help in federation because they essentially enable Single Sign On.

  • @ambitiousneeraj 4 days ago

    It would have been much easier to understand if you would have created two separate diagrams to explain each of them one by one, assume that what happens if Microsoft also does the and explain multiple concepts using single diagram.