Authentication and Authorization
- Justin Richer
- Aaron Parecki
- OAuth 2.0
- It’s Time for OAuth 2.1
- OAuth 3
- Transactional Authorization
- It takes a completely greenfield approach, rethinking how OAuth and all its related specs and extensions such as UMA might look if everything were not tied to being an extension of the original OAuth 2.0 RFC 6749.
JSON Web Tokens (JWT) are a more modern approach to authentication. As the web moves toward a greater separation between client and server, JWT provides a wonderful alternative to traditional cookie-based authentication models.
(Authorization) OAuth2 is an authorization mechanism, i.e. it lets you check that a token is valid and has a specific set of scopes granted.
- An Introduction to OAuth 2
(Authentication and Authorization) OpenID Connect is just an authentication layer built on top of OAuth2. It is a standard specification, and there are many implementations of it.
- Identity Provider (IDP): offers user authentication as a service
- Relying Party (RP): an application that outsources its user authentication function to an IDP.
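The two checks described above (OIDC: the RP authenticates the user by validating an ID token from the IdP; OAuth2: the resource checks the token is valid and carries the needed scope), as an added example that is not from the original notes or any of the linked sources. It assumes a constructed HS256 shared secret, issuer URL and client id for self-containment; real IdPs normally sign with RS256 and publish their keys via JWKS.

```python
import base64, hmac, hashlib, json, time

# Constructed demo values (assumptions, not from the notes)
SECRET = b"constructed-demo-secret"   # shared HMAC key between IdP and RP
ISSUER = "https://idp.example"        # assumed IdP issuer URL
CLIENT_ID = "rp-demo"                 # assumed RP client id (token audience)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict) -> str:
    """What the IdP does: issue a compact JWS (header.payload.signature)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"

def verify_jwt(token: str, now=None) -> dict:
    """What the RP does: accept claims only if signature, iss, aud and exp hold."""
    now = time.time() if now is None else now
    header, payload, sig = token.split(".")
    hdr = json.loads(_b64url_decode(header))
    if hdr.get("alg") != "HS256":            # pin the algorithm; never trust the token's alg
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != ISSUER:          # token must come from the expected IdP
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")   # token was minted for some other RP
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def has_scope(claims: dict, needed: str) -> bool:
    """OAuth2 authorization check: was this scope granted on the token?"""
    return needed in claims.get("scope", "").split()
```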