OpenID VS OAUTH ต่างกันยังไง

OpenID is about authentication (ie. proving who you are)
OAuth is about authorisation (ie. to grant access to functionality/data/etc.. without having to deal with the original authentication).

OpenID Connect (OIDC) Combines the features of OpenID and OAuth i.e. does both Authentication and Authorization.

A common pattern for OpenID Connect API is three steps:
1) Get a code
2) Get tokens like the access_token, refresh_token, and id_token
3) Get user info which contains claims like username, email, etc.

**The big difference between OpenID Connect and OAuth2 is the id_token

Reference1 : https://security.stackexchange.com/questions/44611/difference-between-oauth-openid-and-openid-connect-in-very-simple-term
Reference2 : https://stackoverflow.com/questions/1087031/whats-the-difference-between-openid-and-oauth
Reference3 : https://www.gluu.org/blog/oauth-vs-openid-whats-the-difference/

Related posts:

This entry was posted in ไม่มีหมวดหมู่. Bookmark the permalink.