OAuth and OpenID explained with real life examples

Albert Starreveld
The Web Application Security Hub
6 min read · Nov 26, 2018


How OAuth, OpenID, and Claims Work

Many modern web applications and mobile apps are secured with OAuth and OpenID, and both protocols are implemented in many Microsoft and Java solutions. They have a steep learning curve, though: the documentation is either very technical or opinionated.

OAuth and OpenID are authentication and authorization protocols that were invented to solve different problems. Both use “access tokens” that carry scopes and claims. This article explains the concepts behind these protocols and describes two different approaches to securing resources: using scopes, and using claims.

The Protocols

OpenID and OAuth are usually applied in combination, but there is a big difference between the two, because they solve different problems. Two everyday examples show the difference: downloading your Google contacts into your LinkedIn account is a use of OAuth, and logging into Spotify with your Facebook account is a use of OpenID.

Download Your Google Contacts into LinkedIn with OAuth

LinkedIn has a feature that imports your Google contacts and invites them to connect with you. Back in the day, LinkedIn would ask you for your Google username and password, use them to log in on your behalf, download your contacts, and log out. You could only hope that they didn’t do anything else with your credentials. OAuth was designed to…
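To make the difference concrete, here is an added example (not code from the article) that simulates the delegated-access flow the contacts import describes, in plain Python with no OAuth library: the user signs in at the authorization server (the Google role), the importer (the LinkedIn role) receives only a single-use authorization code, exchanges it for an access token whose claims carry the granted scope, and the contacts API enforces that scope. The user, client id and secret, redirect URI, and the `contacts.read` and `mail.send` scopes are all constructed for this example, and the HTTP redirects and TLS-protected back channel of a real deployment are collapsed into in-process calls so the script runs offline.

```python
import hashlib
import secrets
import time

# Constructed sample data (no real accounts): the authorization server plays the
# "Google" role, the registered client plays the "LinkedIn contact importer" role.
def _hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

USERS = {"alice": _hash("correct-horse-battery")}
CONTACTS = {"alice": ["bob@example.com", "carol@example.com"]}
CLIENT_ID, CLIENT_SECRET = "linkedin-importer", "constructed-client-secret"
REDIRECT = "https://importer.example/callback"
CLIENTS = {CLIENT_ID: {"secret": CLIENT_SECRET, "redirect_uri": REDIRECT}}


class AuthorizationServer:
    """Issues short-lived single-use codes and scoped access tokens."""

    def __init__(self):
        self.codes = {}   # authorization code -> grant details
        self.tokens = {}  # access token -> claims

    def authorize(self, client_id, redirect_uri, scope, username, password):
        # Front channel: the user signs in HERE. The client never sees the
        # password; all it gets back is a code bound to the requested scopes.
        client = CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or redirect_uri")
        if USERS.get(username) != _hash(password):
            raise PermissionError("invalid credentials")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"sub": username, "client_id": client_id,
                            "scope": set(scope.split()), "exp": time.time() + 60}
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        # Back channel: the client authenticates and trades the code for a token.
        grant = self.codes.pop(code, None)  # pop() makes the code single-use
        if grant is None or grant["exp"] < time.time():
            raise PermissionError("invalid_grant")
        client = CLIENTS.get(client_id)
        if (client is None or grant["client_id"] != client_id
                or not secrets.compare_digest(client["secret"], client_secret)
                or client["redirect_uri"] != redirect_uri):
            raise PermissionError("invalid_client")
        access_token = secrets.token_urlsafe(32)
        # Claims: whose data (sub), for which API (aud), what it may do (scope).
        self.tokens[access_token] = {"sub": grant["sub"], "aud": "contacts-api",
                                     "scope": grant["scope"], "exp": time.time() + 3600}
        return access_token

    def introspect(self, access_token):
        return self.tokens.get(access_token)


class ContactsApi:
    """Resource server: decides on the token's claims, never handles a password."""

    def __init__(self, auth_server):
        self.auth = auth_server

    def _claims(self, bearer, required_scope):
        claims = self.auth.introspect(bearer)
        if claims is None or claims["exp"] < time.time() or claims["aud"] != "contacts-api":
            raise PermissionError("invalid_token")
        if required_scope not in claims["scope"]:
            raise PermissionError("insufficient_scope")
        return claims

    def list_contacts(self, bearer):
        return list(CONTACTS[self._claims(bearer, "contacts.read")["sub"]])

    def send_mail(self, bearer, to, body):
        self._claims(bearer, "mail.send")  # a contacts.read token cannot send mail
        return f"sent to {to}"


AUTH = AuthorizationServer()
API = ContactsApi(AUTH)


def import_contacts():
    """The LinkedIn-style import: consent -> code -> token -> API call."""
    # 1. the user is redirected to the authorization server and signs in there
    code = AUTH.authorize(CLIENT_ID, REDIRECT, "contacts.read", "alice", "correct-horse-battery")
    # 2. the client exchanges the code for an access token on the back channel
    token = AUTH.token(CLIENT_ID, CLIENT_SECRET, code, REDIRECT)
    # 3. the client calls the resource server with the bearer token
    return API.list_contacts(token), token, code


if __name__ == "__main__":
    print(import_contacts()[0])
```

Running it prints alice's contacts. The two properties worth noticing are the ones the old credential-sharing approach could not offer: the importer never handles the user's password, and a token granted for `contacts.read` is refused by `send_mail`, because the resource server decides on the scope claim in the token rather than on who is calling. The code is also consumed on first use, so a leaked code cannot be exchanged twice.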
