
Difference between OpenID connect and oAuth2 from an oAuth client perspective

Okay, I understand that OpenID Connect is about authentication and oAuth2.0 is about authorization and OpenID Connect is built on top of oAuth2.0. I also understand the difference between these two terms.

I am creating a web app which is also an oAuth2.0 client. A user first needs to sign in to Google in order to use my app. After I receive the access_token I query the Google API and get all the necessary info about the user. Google uses the OpenID protocol.

AFAIK Facebook uses just oAuth2.0. But the flow is basically the same as it is with Google. So what is the difference here?

The difference is that OpenID Connect standardizes the so-called userinfo endpoint and the claims that are returned from that endpoint. Facebook uses a proprietary endpoint and claims set, therefore Facebook does not conform to OpenID Connect even though both provide a similar login mechanism. Since they both are built on top of OAuth 2.0, Facebook is an OAuth 2.0 protocol with a custom extension and OpenID Connect is an OAuth 2.0 with a standardized extension (or: profile).
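The point in this answer, as an added example that is not part of the original answer: a client consuming an OpenID Connect userinfo response only needs the standard claim names (`sub`, `name`, `email`, `email_verified`) and can apply the spec's check that `sub` matches the ID token, whereas a Facebook-style response needs a provider-specific mapping and carries no verified-email claim. Both response bodies below are constructed samples, not real API output, and the issuer strings and `Profile` type are assumptions for illustration.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample responses (not captured from any real provider).
OIDC_USERINFO = json.dumps({
    "sub": "110248495921238986420",      # stable, issuer-scoped identifier
    "name": "Jane Doe",
    "email": "jane@example.com",
    "email_verified": True,
})
FACEBOOK_ME = json.dumps({               # proprietary field names
    "id": "10150000000000001",
    "name": "Jane Doe",
    "email": "jane@example.com",
})

@dataclass(frozen=True)
class Profile:
    issuer: str
    subject: str
    name: str
    email: Optional[str]
    email_verified: bool

def from_oidc_userinfo(issuer: str, body: str, id_token_sub: Optional[str] = None) -> Profile:
    """Parse standard OIDC claims; every conforming provider uses the same names.
    OIDC Core 5.3.2 requires the userinfo 'sub' to equal the ID token's 'sub'."""
    c = json.loads(body)
    if id_token_sub is not None and c["sub"] != id_token_sub:
        raise ValueError("userinfo sub does not match ID token sub; discard response")
    return Profile(issuer, c["sub"], c.get("name", ""), c.get("email"),
                   bool(c.get("email_verified", False)))

def from_facebook_me(body: str) -> Profile:
    """Provider-specific mapping: 'id' instead of 'sub', no email_verified claim,
    so the email is treated as unverified."""
    c = json.loads(body)
    return Profile("facebook", c["id"], c.get("name", ""), c.get("email"), False)

def account_key(p: Profile) -> str:
    """Key local accounts by issuer + subject, never by email alone."""
    return f"{p.issuer}|{p.subject}"

def can_link_by_email(p: Profile) -> bool:
    """Only auto-link an existing local account when the provider vouches for the email."""
    return p.email is not None and p.email_verified
```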
