[Openid-specs-ab] OAuth 2.0 and Sign-In

Mike Jones Michael.Jones at microsoft.com
Wed Jan 2 18:21:31 UTC 2013


I highly recommend a piece that my friend Vittorio Bertocci wrote on the relationship between OAuth 2.0 and sign-in/federation protocols<http://blogs.msdn.com/b/vbertocci/archive/2013/01/02/oauth-2-0-and-sign-in.aspx>. While OAuth 2.0 can be used to sign in users and the term "OAuth" is often bandied about in identity contexts, as he points out, there are a lot of details to fill in to make that possible. That's because OAuth 2.0 is a resource authorization protocol - not an authentication protocol.
Read his post for a better understanding of how OAuth 2.0 relates to sign-in protocols, including a useful discussion of how OpenID Connect<http://openid.net/connect/> fills in the gaps to enable people to sign in with OAuth 2.0 in an interoperable manner.  Or share it with others for whom it would be useful to understand the difference.

                                                                -- Mike

P.S.  I also blogged about his post at http://self-issued.info/?p=929 and tweeted a pointer to it as @selfissued.
