Evolution of OAuth and OpenID Connect

29min Snip

00:00

Play full episode

Summary

Transcript

Episode notes

The chapter explores the historical context and evolution of OAuth and OpenID Connect, detailing the transition from OAuth 1 to OAuth 2 and the introduction of bearer tokens for authentication security. It delves into the relationship between OAuth and OpenID Connect, emphasizing the role of OpenID Connect in extending OAuth's functionality with authentication features. Additionally, the discussion covers the significance of scoped access, the benefits of proof of possession capabilities, and the broader concept of single sign-on in the realm of federated identity.

OAuth is an open standard for access delegation. It lets users grant websites or applications access to their information on other websites, but without giving away passwords.

OpenID Connect is an identity layer on top of OAuth. Even if you haven’t programmed using OAuth and OpenID Connect, you’ve certainly used them for authentication on Google, Facebook, Spotify, and countless other services.

Authlete is a service that provides a set of APIs to implement OAuth authorization servers, and OpenID Connect identity providers.

Justin Richer is the Principal Architect at Authlete and is part of the working group that developed OAuth 2.0. He joins the podcast to talk about the history of OAuth, OAuth as a delegation protocol, the Authlete API, and much more.

Check out https://events.authlete.com/sed to try out Authlete for an extended 90-day free trial.

Full Disclosure: This episode is sponsored by Authlete.

Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.