
OAUTH + OPENID

Kathiravan
1 min read, May 5, 2020


OAUTH — Delegated authorization protocol. Basically, you want to expose the permissions (scopes) of your resource (API) to the outside world. You need a resource (contacts.google.com), permissions (read, update, etc.) and an identity (accounts.google.com).

OPENID — Built on top of OAUTH, because people were using OAUTH for AUTHENTICATION. When calling the resource server with the scope set to OPENID, the resource server returns an ID_TOKEN (AUTHENTICATION) along with the ACCESS_TOKEN (AUTHORIZATION).

FOUR TYPES OF OAUTH CALLS

AUTHCODE — The resource server returns a code to the browser (front channel), and we then pass that auth code back to the resource server to get the access token (back channel). This is done for security purposes.

IMPLICITFLOW — The back-channel call is skipped and the access token is returned directly from the server.
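The following is an added example, not code from the original post, that walks through the two sections above in one runnable script: an authorization code flow with `scope=openid`, where the front channel hands a code to the browser and the back channel exchanges it for an ACCESS_TOKEN plus an ID_TOKEN. The component issuing the code and tokens is modelled here as an in-memory stand-in for the authorization server (the accounts.google.com side in the post's own example). Everything else is constructed for the demo: the `https://as.example` issuer, `demo-client` client id, redirect URI, `user-123` subject and the shared HS256 secret (real providers sign ID tokens with an asymmetric key published via JWKS). The back channel is what lets the server bind the code to a PKCE verifier, reject a reused code and check the redirect URI, which is exactly what the implicit flow gives up by returning the token on the front channel.

```python
# Simulated OAuth 2.0 authorization code flow with an OpenID Connect ID token.
# Constructed example: the authorization server is an in-memory stand-in, the
# ID token is HS256-signed with a shared secret only for simplicity, and all
# identifiers and URLs are placeholders.
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://as.example"                 # placeholder issuer
CLIENT_ID = "demo-client"                      # placeholder client id
REDIRECT_URI = "https://app.example/callback"  # placeholder redirect URI
SHARED_SECRET = b"constructed-demo-secret"     # HS256 key for this demo only


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class AuthorizationServer:
    """Minimal stand-in for the authorization server (front + back channel)."""

    def __init__(self):
        self.codes = {}  # code -> the request it was bound to

    def authorize(self, query: dict) -> str:
        """Front channel: after consent, redirect back to the client with a code."""
        assert query["response_type"] == "code"
        code = secrets.token_urlsafe(24)
        self.codes[code] = {k: query[k] for k in
                            ("client_id", "redirect_uri", "code_challenge", "nonce", "scope")}
        return query["redirect_uri"] + "?" + urlencode({"code": code, "state": query["state"]})

    def token(self, form: dict) -> dict:
        """Back channel: the code is one-time and bound to PKCE, client and redirect URI."""
        bound = self.codes.pop(form["code"], None)  # pop => a second use fails
        if bound is None:
            raise PermissionError("invalid_grant: unknown or already used code")
        expected = b64url(hashlib.sha256(form["code_verifier"].encode()).digest())
        if not hmac.compare_digest(expected, bound["code_challenge"]):
            raise PermissionError("invalid_grant: PKCE verifier mismatch")
        if form["redirect_uri"] != bound["redirect_uri"] or form["client_id"] != bound["client_id"]:
            raise PermissionError("invalid_grant: client or redirect_uri mismatch")
        resp = {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
        if "openid" in bound["scope"].split():  # OIDC: add the ID token
            resp["id_token"] = self._sign_id_token(bound)
        return resp

    def _sign_id_token(self, bound: dict) -> str:
        header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        now = int(time.time())
        claims = {"iss": ISSUER, "sub": "user-123", "aud": bound["client_id"],
                  "iat": now, "exp": now + 300, "nonce": bound["nonce"]}
        payload = b64url(json.dumps(claims).encode())
        sig = hmac.new(SHARED_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        return f"{header}.{payload}.{b64url(sig)}"


def verify_id_token(token: str, expected_nonce: str) -> dict:
    """Client-side ID token checks: signature, issuer, audience, expiry, nonce."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SHARED_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload))
    if claims["iss"] != ISSUER or claims["aud"] != CLIENT_ID:
        raise ValueError("wrong issuer or audience")
    if claims["exp"] <= time.time():
        raise ValueError("expired")
    if claims["nonce"] != expected_nonce:
        raise ValueError("nonce mismatch (possible replayed token)")
    return claims


def run_code_flow(server: AuthorizationServer) -> dict:
    """Drive the whole flow: build the auth URL, receive the code, exchange it."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier = secrets.token_urlsafe(32)
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    auth_query = {"response_type": "code", "client_id": CLIENT_ID,
                  "redirect_uri": REDIRECT_URI, "scope": "openid profile",
                  "state": state, "nonce": nonce,
                  "code_challenge": challenge, "code_challenge_method": "S256"}
    redirect = server.authorize(auth_query)  # front channel (browser redirect)
    params = {k: v[0] for k, v in parse_qs(urlparse(redirect).query).items()}
    if not hmac.compare_digest(params["state"], state):  # CSRF protection
        raise ValueError("state mismatch")
    tokens = server.token({"grant_type": "authorization_code", "code": params["code"],
                           "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                           "code_verifier": verifier})  # back channel (server to server)
    tokens["claims"] = verify_id_token(tokens["id_token"], nonce)
    tokens["code"] = params["code"]
    return tokens


if __name__ == "__main__":
    print(json.dumps(run_code_flow(AuthorizationServer()), indent=2))
```

`run_code_flow` returns the access token (authorization), the ID token (authentication) and the verified claims; calling `server.token` a second time with the same code is rejected, which is the replay protection the back channel buys you.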

LINKEDIN SAMPLE FOR OAUTH

https://docs.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context

OPENSOURCE IDENTITY PROVIDER ON SCOPE

https://www.janua.fr/using-client-scope-with-redhat-sso-keycloak/

TO DEBUG
