OAuth, SAML and OpenID Connect
OAuth 2.0 is an authorization framework, not an authentication protocol
```text
+-------------+                                   +------------------+
|             |--(1) Auth Request---------------->|  Authorization   |
|             |      (openid scope)               |     Server       |
|             |                                   |  (e.g., Google)  |
| User/Browser|<-(2) Login & Consent--------------|                  |
|             |                                   +------------------+
|             |--(3) Authorization Code---------->|                  |
|             |                                   |                  |
|             |<-(4) ID Token + Access Token------|                  |
+-------------+                                   +------------------+
       |
       | Use ID Token to identify user
       |
       v
+-------------+
|  Your App   |
|  (verifies  |
|  ID Token)  |
+-------------+
```
At the risk of over-simplification, OpenID Connect is a rewrite of SAML using OAuth 2.0.
- OIDC is essentially an extension of OAuth 2.0: the ID token returned in step (4) above is what adds authentication on top of OAuth's authorization, and the app must verify it before trusting the identity it carries.
Okta Integration Network experiment
- Register an account. Must use a company email.
- Add a user with a personal email.
- Then there are two URLs:
  - https://dev-06484947.okta.com/
  - https://dev-06484947-admin.okta.com
This post is licensed under CC BY 4.0 by the author.