Introduction to OAuth 2.0 and OpenID Connect
This video is available in the GOTO Play video app! Download it to enjoy offline access to our conference videos while on the move.
OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or an access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - its a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit in? How can I use OAuth in a secure fashion?
To add more confusion to this topic, OpenID Connect was build on top of OAuth 2.0. OpenID Connect has become an industry leading standard for user identification. It is used by many of the largest organizations on the web. When implemented properly, OpenID Connect can be a reliable and secure solution for user identification. When implemented improperly, OpenID Connect can leave a gaping whole in your infrastructure that leaks important capabilities to unwanted parties.
This talk with provide an introduction to both topics and what their intended use is really for.