OAuth2 and OpenID Connect 

Authorization and authentication made easy with modern standards! 

What are standards, and how do they make our lives easier? 

To put it simply, a standard is an agreed way of doing something, e.g., a standardized format for exchanging data. In the context of Identity & Access Management, the standards OAuth2 for authorization and OpenID Connect for authentication are particularly important. Standards are advantageous in many respects: they ensure good interoperability and easy integration between different software systems, which leads, among other things, to better cost efficiency and shorter implementation periods. Standardization also brings advantages for stability and security: an integration according to a standard always runs in the same way, and potentially more companies follow the pattern than with an individual integration, so weaknesses and errors in the standard are detected early and can be corrected more quickly. This leads to hardening and higher stability.

Best interoperability and easy integration through standardization.

High cost efficiency and short integration period.

Security and stability through standards such as OAuth2 and OpenID Connect. 

Overview of the Standards 

The authorization framework – OAuth2 

OAuth 2.0 is an authorization protocol developed by the OAuth Working Group and specified in an RFC standard. The goal of OAuth 2.0 is to standardize and improve the authorization of users and applications, and thus also to make it more secure. In particular, the authorization is separated from the actual application, e.g., an online shop. To achieve this separation, OAuth 2.0 introduces four roles: the OAuth 2.0 client (the client application, e.g., the online store), the authorization server for authorization, the resource server for data management, and the resource owner (the user). Authorization in the OAuth 2.0 framework is represented by an access token, which the authorization server issues for a specific OAuth 2.0 client and which this client can use to authorize itself towards other applications and APIs.

OpenID Connect – authentication on top 

OpenID Connect is an authentication protocol based on the OAuth2 authorization framework. OpenID Connect is developed by the OpenID Foundation and provides not only authentication but also a concept (claims) for exchanging profile information about a user. 

OpenID Connect essentially adds the authentication aspect to the authorization flows or OAuth2 grant types. In addition, an ID token and the claims are introduced, which can be used to exchange the user’s profile information. The ID token contains the profile information, and the claims describe the individual profile information and are used to query the information. 

SAML vs. OpenID and OAuth2 

In addition to the OpenID Connect and OAuth2 standards, there is also the SAML standard, particularly in version SAML 2.0. 

The SAML standard is older than OAuth2 and OpenID Connect and, in contrast to the other two, relies on XML as the basic exchange format. 

SAML 2.0 is still widely used today, especially in many enterprise applications, which is why we also support SAML 2.0 as a protocol for integration in cidaas in addition to OAuth2 and OpenID Connect. 

Frequently Asked Questions 

What is OAuth2/OAuth 2.0?

OAuth 2.0 is an authorization protocol developed by the OAuth Working Group and specified in an RFC standard. The goal of OAuth 2.0 is to separate the authorization from the actual application, e.g., an online shop. The authorization in the OAuth 2.0 framework is represented by a so-called access token.

What is OpenID Connect?

OpenID Connect is an authentication protocol based on the OAuth2 authorization framework. OpenID Connect is developed by the OpenID Foundation and, in addition to authentication, also offers a concept (claims) for exchanging profile information about a user.

SAML vs. OpenID Connect and OAuth2?

In addition to the OpenID Connect and OAuth2 standards, there is also the SAML standard, particularly in version SAML 2.0. The SAML standard is older than OAuth2 and OpenID Connect and, in contrast to the other two, relies on XML as the basic exchange format.

cidaas - Cloud Identity & Access Management (Cloud IAM) 

  • Focus on user-friendly management of digital identities in any form 
  • Unique, secure user experience with modern 2-factor authentication
  • GDPR-compliant, customizable consent management