Difference between Open ID and OAuth
-
I am familiar with OAuth but not with OpenID. Nowadays many websites allow us to log in to their site with Facebook, LinkedIn, etc. So when we click on the Facebook image, we are redirected to the Facebook login page, where we provide our Facebook credentials. If the credentials are right, Facebook redirects us to the first site. The advantage is that we do not have to create and remember many credentials, but rather remember one. But I do not know what OpenID is and how it works. I read this article http://www.devcurry.com/2012/11/aspnet-mvc-4-external-login-using-openid.html and it seems that in the case of both OpenID and OAuth the user creates their login on an external site and uses that credential to log in to other websites. If that is right, then OAuth and OpenID are both the same and serve the same purpose. So where is the difference? Please discuss how OpenID is different from OAuth in terms of flow.
-
In general, OpenID is about authentication (proving who you are, a.k.a. identity); OAuth is about authorization (granting access to files/resources/data without having to deal with the original authentication). There's another thing called OpenID Connect which does both. This blog post should give you more detailed information: OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing
-
I have seen a forum, Stack Overflow, where users can log in with OpenID and OAuth to post their questions. In both cases a 3rd party validates the user and sends a token to Stack Overflow to get access. So how can we say OpenID is an authentication system and OAuth is an authorization system, because in the case of Stack Overflow access both do the same thing? Looking for further discussion. Thanks.
-
Mou_kol wrote:
openid is authentication system and oauth is authorization system because in case of stackoverflow access both does the same thing.
No, they're not the same. Again, OAuth is basically a protocol that supports authorization workflows. What this means is that it gives you a way to ensure that a specific user has permissions to do something, and that’s it. OAuth isn’t meant to do stuff like validate a user’s identity — that’s taken care of by an authentication service (e.g. login with Facebook, Google, any other form of OpenID credentials or your own custom authentication service). Authentication is when you validate a user’s identity (like asking for a username / password to log in) -- that's what OpenID does, whereas authorization is when you check to see what permissions an existing user already has. It's just that SO is an OpenID provider as well as an OAuth2 consumer: Stack Exchange is an OpenID Provider - Stack Overflow Blog
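
The distinction drawn in the answers above, as an added sketch that is not part of the original posts: authentication verifies a signed identity assertion addressed to this site, while authorization only checks which permissions a token carries. It assumes an OpenID Connect style ID token signed with HS256; the client id, secret, issuer and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# All values below are constructed for illustration.
CLIENT_ID = "forum-client"             # hypothetical relying-party client id
CLIENT_SECRET = b"constructed-secret"  # HS256 key shared with the provider
ISSUER = "https://idp.example"         # hypothetical identity provider

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_id_token(claims: dict, key: bytes) -> str:
    """Stand-in for the provider: build an HS256-signed JWT."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(f'{head}.{body}', key))}"

def authenticate(id_token: str, now: float) -> str:
    """Authentication: return the verified user id (sub) or raise ValueError."""
    try:
        head, body, sig = id_token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        given = b64url_decode(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(given, sign(f"{head}.{body}", CLIENT_SECRET)):
        raise ValueError("bad signature")
    # The token must come from our provider and be addressed to this site.
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("token was not issued to this site")
    if claims.get("exp", 0) <= now or not claims.get("sub"):
        raise ValueError("expired or missing subject")
    return claims["sub"]

def authorize(token_response: dict, needed_scope: str) -> bool:
    """Authorization: is the requested permission among the granted scopes?"""
    return needed_scope in token_response.get("scope", "").split()
```

An access token response that passes `authorize` says what the bearer may do, not who logged in, which is why the identity check relies on the signed `iss`, `aud` and `sub` claims instead.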