Understanding OAuth2, OpenID and OpenID Connect (OIDC), how they relate, how the communications are established, and how to architecture your application with the given access, refresh and id tokens is confusing.
There was a time when securing your application was not so complicated to implement. Users were presented with a login form asking for their usernames and passwords. The server validated those credentials against the storage, mostly a SQL database or a LDAP/Ad directory. Once…