What the Heck Are OAuth and OIDC?

Session abstract

OAuth is not an API or a service: it is an open standard for authorization, any developer can implement it, and applications can use it to provide client applications with “secure delegated access.” OAuth works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials. OpenID Connect (OIDC), built on top of the OAuth 2.0 protocol, enables clients to verify the identity of the user and obtain their basic profile information. This session covers how OAuth and OIDC work, when to use them, and frameworks/services that simplify authentication.
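The abstract says OIDC lets a client verify the user's identity, and the mechanism for that is the ID token: unlike an OAuth access token, whose format the spec leaves open, the ID token is a signed JWT the client must validate before trusting any claim in it. The Python below is an added example, not code from the session or the speaker, and its issuer URL, client id, client secret, nonce and user claims are all constructed for the demo. It signs with HS256 using the client secret as the key (an option OIDC allows; RS256 against the provider's published keys is more common) so that it runs with the standard library alone.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

CLOCK_SKEW_SECONDS = 60  # tolerance for provider/client clock drift


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, client_secret: str) -> str:
    """Constructed stand-in for the provider side: sign the claims with HS256.
    Only here so the example is self-contained; a real client never mints
    ID tokens, it only validates them."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_id_token(token: str, client_secret: str, issuer: str, client_id: str,
                      expected_nonce: str, now: Optional[int] = None) -> dict:
    """Checks a relying party performs before trusting the identity in an ID
    token (OIDC Core 3.1.3.7). Returns the claims or raises ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # 1. Pin the algorithm: never let the token choose (rejects "none" and alg confusion).
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    # 2. Recompute the MAC over header.payload and compare in constant time.
    expected = hmac.new(client_secret.encode(), f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    # 3. Issuer must be the provider the user was actually sent to.
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    # 4. Audience must name this client ('aud' may be a string or a list).
    aud = claims.get("aud")
    aud_list = [aud] if isinstance(aud, str) else (aud or [])
    if client_id not in aud_list:
        raise ValueError("token not intended for this client")
    # 5. Expiry, with a small skew allowance.
    if now >= int(claims.get("exp", 0)) + CLOCK_SKEW_SECONDS:
        raise ValueError("token expired")
    # 6. Nonce must match the value this client generated for this login (replay defence).
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


if __name__ == "__main__":
    # Constructed demo values; nothing here comes from a real provider.
    issuer, client_id, secret, nonce = "https://issuer.example", "my-client", "demo-secret", "n-42"
    now = int(time.time())
    token = mint_id_token({"iss": issuer, "aud": client_id, "sub": "user123", "name": "Alice",
                           "iat": now, "exp": now + 300, "nonce": nonce}, secret)
    print(validate_id_token(token, secret, issuer, client_id, nonce)["sub"])
```

Every check is independent of the others on purpose: a valid signature alone proves only that some provider issued the token, not that it was issued by your provider, for your client, for this login, and is still current.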


Name: Matt Raible
Title: Developer Advocate
Company: Okta

Session Info

Session type: Developer Session
Track: Modern Web

My Notes

OAuth has nothing to do with authentication but everything to do with authorization. Bad naming.

Delegated authorization inspired OAuth2.

Shoot, I was distracted for a few minutes by mail and WhatsApp and missed a bit. Sorry.

OAuth doesn’t say anything about the format of the token.

Killing the refresh token will revoke access.

I have to apologize again as I am constantly distracted by… well, life.


It was a great talk, but I forgot to blog some moments 👍