OAuth is not an API or a service: it is an open standard for authorization, any developer can implement it, and applications can use it to provide client applications with “secure delegated access.” OAuth works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials. OpenID Connect (OIDC), built on top of the OAuth 2.0 protocol, enables clients to verify the identity of the user and obtain their basic profile information. This session covers how OAuth and OIDC work, when to use them, and frameworks/services that simplify authentication.
|Matt Raible||Developer Advocate||Okta|
|Developer Session||Modern Web|
OAuth has nothing to do with authentication but everything to do with authorization. Bad naming.
Delegated authorization inspired OAuth2.
Shoot, I was distracted for a few minutes by emails and WhatsApp and missed a bit. Sorry.
OAuth doesn’t say anything about the format of the token.
Killing the refresh token will revoke access.
I have to apologize again as I am constantly distracted by… well, life.
Was a great talk but I forgot to blog some moments 👍