What are OAuth and OpenID Connect?

Nishit Ranjan
Apr 8, 2021

Historically, in order to access an application, users needed to provide their username and password to the application itself.

The application server would then hash and store these credentials, run a query against them at login, and provide an access token once everything was authenticated.

The problem with this approach is the doubt that comes with servers storing your password. You don’t know whether your passwords are encrypted, or whether you are being presented with resources intended for other users.

OAuth solves this problem by delegating authorisation to applications.

Instead of providing your credentials to any third-party application, you provide them to an OAuth authorisation server, which then grants you an access token. Your APIs will then use this access token to access the application resources.

The OAuth approach is very similar to the way hotel check-ins work with an access card, or to the access cards given to employees for entering different areas of their office premises.

The reception desk configures your access card with access to your room. You then swipe the card at the door of your designated room without providing any personal information at the door. The access card takes care of the access and, once everything checks out, you can enter your room.

Here, the reception desk can be considered the OAuth authorisation server, which takes care of verifying your authenticity. Your access card is the access token, which then gives you access to different resources.

Now, what is OpenID Connect?

OpenID Connect helps in identifying users. OAuth authenticates the APIs but never holds any user information. There will be places in your application where you need some user information, say their age or name. OpenID Connect will do this for you.

To cut the story short, OAuth helps in accessing APIs, whereas OpenID Connect helps in identifying the user.
