OIDC (OpenID Connect) and OAuth (Open Authorization) are two protocols used for security and authentication when users log into web applications.
OIDC provides authentication and authorization services, while OAuth provides authorization services.
OpenID Connect (OIDC) is an authentication protocol that defines how users are authenticated and authorized to access a web application. It is built on the OAuth 2.0 protocol. OIDC works by having the user present a set of claims about themselves to the application, which then verifies those claims with an external identity provider, usually a third party such as Google or Facebook. Once the user has been successfully authenticated, they receive an access token which they can use to access the application.
OAuth (Open Authorization) is an authorization protocol that defines how a user can be authorized to access certain resources in a web application. It is used to authorize access to a protected resource, such as an API or a web page. OAuth works by allowing the user to provide an access token to the application, which the application can then use to access the requested resources. This access token is usually issued by the identity provider that authenticated the user.
In conclusion, OIDC and OAuth are two protocols that are used together to provide secure authentication and authorization when users log into web applications. OIDC is used for authentication, which verifies the user’s identity, and OAuth is used for authorization, which grants the user access to certain resources in the application. Together, these protocols ensure that users are able to securely access the web application and that their data is protected.