DEV Community

Diego Dias

OAuth and OpenID - Introduction

Hello, welcome to my second post at Dev.to! :D

We'll cover the basics of OAuth and OpenID and try to make the concepts simple enough to memorize for interviews. Let's go!

First thing, OpenID and OAuth are different things.

Authorization

OAuth is responsible for issuing a "token": you provide your credentials to the OAuth server, and it answers back with an access token that gives you access to APIs but doesn't carry any user data. That's what they call authorization.

Authentication

OpenID implements the concept of user identity on top of the OAuth token mechanism. The difference is that you also receive an ID Token alongside the access token. That's what they call authentication.

const OAuth = 'Authorization';
const OpenID = 'Authentication';

Simple, isn't it? Well, that's what they say. Look at the diagram below:

OAuth and OpenID Diagram

Link to the full diagram:
https://infosec.mozilla.org/guidelines/assets/images/OIDC_sequence_diagram.png

That's basically the flow for an OpenID authentication.

The main difference between this type of authentication and the standard cookie model is that it has its own authentication server, and this server has full control over access: applications are registered upfront, and the server generates a ClientID and a ClientSecret for each registered client.

These ClientIDs and ClientSecrets are then used by the clients to make requests to the authentication server, which provides the token.
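
As an added example (not part of the original post), the sketch below shows what a client does with the token response described above: the access token stays opaque, while the ID token is a signed JWT whose identity claims the client must validate before trusting them. It assumes the server signs ID tokens with HS256 keyed by the ClientSecret, one option OpenID Connect allows; the client ID, secret, issuer URL and user are constructed values, and `sample_token_response` is a hypothetical stand-in for the authentication server.

```python
import base64, hashlib, hmac, json, time

# Constructed values for illustration (assumptions, not from the post).
CLIENT_ID = "demo-client-id"
CLIENT_SECRET = "demo-client-secret"
ISSUER = "https://auth.example.test"

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_id_token(claims, secret):
    """Stand-in for the authentication server: build an HS256-signed JWT."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{header}.{b64url(json.dumps(claims).encode())}"
    return f"{signing_input}.{b64url(hs256(secret, signing_input))}"

def sample_token_response(aud=CLIENT_ID, secret=CLIENT_SECRET, ttl=300):
    """Constructed token response: opaque access token plus an ID token."""
    now = int(time.time())
    claims = {"iss": ISSUER, "sub": "user-1234", "aud": aud, "iat": now, "exp": now + ttl}
    return {"access_token": "opaque-constructed-value", "token_type": "Bearer",
            "id_token": sign_id_token(claims, secret)}

def validate_id_token(token):
    """Client side: check signature, issuer, audience and expiry; return the claims."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; rejects "none"
    expected = hs256(CLIENT_SECRET, f"{header_b64}.{body_b64}")
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token issued for another client")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    print(validate_id_token(sample_token_response()["id_token"]))
```

The audience check is what ties the ID token back to the ClientID: a correctly signed token issued for a different registered client is still rejected.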

I think that's a good introduction to OAuth and OpenID.

What we've learned so far:

1 - Authentication and Authorization
2 - Authorization Server
3 - ClientID and ClientSecret

In the next articles, I'll cover more about the token and its different strands.
