Wednesday, October 6, 2021

Dive Into OAuth Grant Types and OpenID Connect Flows

In my last article, you could read about the differences between OAuth, SAML, and OpenID Connect. Today I want to continue the topic. We will dive deeper into the processes of authentication and authorization offered to us by respectively (OpenID Connect) and (OAuth). However, we will start with a few words about the naming conventions in both.

GrantTypes vs Flows — Semantic Difference

In general, both terms are correct and can be used simultaneously. Both of them describe the same thing – a process of obtaining an Access Token. Just keep in mind that the term “Grant Type” is more strongly related to OAuth, while the term “Flow” is more related to OpenID Connect. As a side note, I can add that the term “Flow” rarely occurs in the OAuth specification.



from DZone.com Feed https://ift.tt/3Bl0EhU

No comments:

Post a Comment