OAuth definition:
OAuth is not a password-sharing mechanism or protocol. It is not even a login process, and it is
not a way to establish a user's identity. OAuth is a framework for sharing authorization.
OAuth example:
My favorite analogy here is checking into a hotel. When you check into a hotel, you present the front
desk clerk with proof of identity via driver's license or a passport. This establishes who you are.
Further, you provide billing information via credit card. Somewhere behind the scenes, they use your
identity information to look up your reservation, your account status, and other things related to
you, then they issue you a keycard. Encoded in that card is what you have access to, which hopefully
will include your room, but it could also include the gym or the workout room. It might also include
the executive lounge. The best part of all this is that your identity and billing information never leave
the front desk. This is fundamentally how OAuth works, so OAuth is great in scenarios where you
don't want to share credentials or maybe personally identifying information with the target website.
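
The keycard analogy above, sketched in code as an added example that is not part of the original page: the front desk stands in for the authorization server, each door for a resource server, and the keycard is a simplified HMAC-signed token rather than a standards-compliant OAuth flow. The signing key, guest record and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values. The key is shared by the front desk (authorization
# server) and the doors (resource servers); the guest's app never holds it.
SIGNING_KEY = b"demo-key-not-for-production"
GUESTS = {"alice": {"password": "correct horse", "scopes": ["room:412", "gym"]}}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> str:
    return b64e(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())

def issue_keycard(user: str, password: str, ttl: int = 3600, now=None) -> str:
    """Front desk: verify identity once, then issue a card holding only scopes and expiry."""
    guest = GUESTS.get(user)
    if guest is None or not hmac.compare_digest(guest["password"].encode(), password.encode()):
        raise PermissionError("identity check failed")
    issued = int(time.time()) if now is None else now
    claims = {"scope": guest["scopes"], "exp": issued + ttl}  # no name, no password
    body = b64e(json.dumps(claims).encode())
    return f"{body}.{sign(body)}"

def door_allows(token: str, required_scope: str, now=None) -> bool:
    """Door: check signature, expiry and scope. It never learns who the guest is."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), sign(body).encode()):
            return False  # card was altered or not issued by the front desk
        claims = json.loads(b64d(body))
    except ValueError:
        return False  # malformed card
    current = int(time.time()) if now is None else now
    return current < claims["exp"] and required_scope in claims["scope"]

if __name__ == "__main__":
    card = issue_keycard("alice", "correct horse")
    print(door_allows(card, "gym"), door_allows(card, "lounge"))
```
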
OIDC:
OpenID Connect does absolutely nothing about authorization. It's explicitly not for that. It is just for
sharing profile information. As a result of this much smaller and simpler use case, it provides quite a
bit more structure and fewer places for extensions. And finally, since it's explicitly for user profile
information, there must be a user involved. It can't just be microservices. So, to wrap this up,
OpenID Connect, or OIDC, is just a special case of OAuth.