Speaker Deck

What the Heck is OAuth and OpenID Connect - DOSUG 2018

by Matt Raible

Published February 6, 2018 in Programming

OAuth is not an API or a service: it is an open standard for authorization and any developer can implement it. OAuth is a standard that applications can use to provide client applications with “secure delegated access”. OAuth works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials, which we will go over in depth below. OpenID Connect (OIDC) is built on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the user and to obtain their basic profile information.

This session covers how OAuth/OIDC works, when to use them, and frameworks/services that simplify authentication.

Companion blog post: https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth