Authentication and Authorization
- Justin Richer
- Aaron Parecki
- OAuth 2.0
- It’s Time for OAuth 2.1
- OAuth 3
JSON Web Tokens (JWTs) are a more modern approach to authentication. As the web moves to a greater separation between the client and server, JWTs provide a wonderful alternative to traditional cookie-based authentication models.
(Authorization) OAuth2 is an authorization mechanism, i.e. it allows you to check that a token is valid and has a specific set of scopes granted. See: An Introduction to OAuth 2.
(Authentication and Authorization) OpenID Connect is just an authentication layer built on top of OAuth2. It is a standard specification, and there are a lot of implementations of this standard.
- Identity Provider (IDP): offers user authentication as a service
- Relying Party (RP): an application that outsources its user authentication function to an IDP.