Skip to main content

Posts

Showing posts with the label OAuth 2.0

Why OpenID Connect came?

After publishing my previous article on ' Understanding concepts - OpenId, OAuth and SAML'  , I received a general question from a few of my colleagues and that is ‘Why OpenID arrived? What is the need of it’? By now, most of us are already aware that OAuth 2.0 is an authorization protocol and it really did a great job by providing information, which facilitated its user to take some prodigious authorization decisions. But what about exchanging this information? How to do that? Is that exchange done in a secure manner? Bla bla bla… All such sorts of questions are dealt in different- different manner as every authentication provider have their own mean of exchanging this OAuth information. As not all the providers have provided an equivalent level of security, led to some buzzes. Here OpenID Connect came for rescue. It fixes all the common problems by providing an authentication protocol with a standardized way of exchanging messages between a provider and subs