What’s the difference between OpenID and OAuth?

by

OpenID is about authentication (ie. proving who you are), OAuth is about authorisation (ie. to grant access to functionality/data/etc.. without having to deal with the original authentication).

OAuth could be used in external partner sites to allow access to protected data without them having to re-authenticate a user.

The blog post “OpenID versus OAuth from the user’s perspective” has a simple comparison of the two from the user’s perspective and “OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing” has more information about it.

More Related Contents:

  1. Why is there an “Authorization Code” flow in OAuth2 when “Implicit” flow works so well?
  2. What are the main differences between JWT and OAuth authentication?
  3. Is Facebook an OpenID provider?
  4. Single sign-on flow using JWT for cross domain authentication
  5. Where can I find a list of OpenID Provider URLs? [closed]
  6. How does OpenID authentication work?
  7. Google OAuth 2 authorization – Error: redirect_uri_mismatch
  8. Authentication filter and servlet for login
  9. How can I extend ServiceStack Authentication
  10. Socket.IO Authentication
  11. Security of REST authentication schemes
  12. Forgot Password: what is the best method of implementing a forgot password function?
  13. Authentication with 2 different tables
  14. How to use UrlFetchApp with credentials? Google Scripts
  15. how to implement login auth in node.js
  16. What is the purpose of a “Refresh Token”?
  17. What if JWT is stolen?
  18. How to get a JWT?
  19. CSRF Token necessary when using Stateless(= Sessionless) Authentication?
  20. IIS7: Setup Integrated Windows Authentication like in IIS6
  21. How to use Windows Active Directory Authentication and Identity Based Claims?
  22. In Subversion can I be a user other than my login name?
  23. Microservice Authentication strategy
  24. How to properly use Bearer tokens?
  25. How to use Github Personal Access Token in Jenkins
  26. ASP.NET MVC 3 using Authentication
  27. Customize Authentication – Login Symfony2 Messages
  28. How to use Client Certificate Authentication in iOS App
  29. Trouble getting ClaimsPrincipal populated when using EasyAuth to authenticate against AAD on Azure App Service in a Asp.Net Core web app
  30. Web API 2, OWIN Authentication, SignOut doesn’t logout

Leave a Comment