Before OpenID Connect and SAML, information systems relied on simple authentication, which was hard to maintain and could lead to various security vulnerabilities.
OpenID Connect and OAuth are the new security best practices to handle authentication and authorization, respectively. Before OAuth, applications had to manage by themselves authentication and single sign on. But with the advance of smartphones, applications had to authenticate users on those devices too. Furthermore, the need to let third-party applications have access to user’s data from their email providers or social networks without using their password created a new problem for applications to tackle. This problem is known as the delegated authorization problem. A lot of companies tried to resolve this issue but without any success.
OAuth resolved the delegated authorization problem and was then extensively used to authenticate users. In fact, companies such as Facebook, Google and LinkedIn added their own hack to OAuth to handle authentication.
OpenID Connect is a layer of identity built above the OAuth 2.0 protocol
OpenID Connect specify the extra steps required to authenticate users using OAuth, and adds the following elements to OAuth:
- Token ID containing information about the user
- Users Endpoint providing extra information about the user
- A set of standard scopes
- A Standardized implementation
Learn everything about these two protocols: how they work, which one to choose, and what are their different uses, by downloading our white paper here below.
OpenID Connect and OAuth are relatively new, relatively complex protocols that are used to verify identities. This makes them sensitive subjects for businesses. To make sure you are using them properly, it is worth calling in the experts. Digitalberry is at your disposal to answer your questions and support you in your projects.
