Oauth-2 and OpenId Connect

OAuth 2.0 is a authorization framework where a user of a service can allow a third-party application to access his/her data hosted in the service without revealing his/her credentials (ID & password) to the application. OAuth 2.0 is a set of defined process flows for “delegated authorization”.

OpenID Connect is a framework on top of OAuth 2.0 where a third-party application can obtain a user’s identity information which is managed by a service.  OpenID Connect  standardizes the flow for person authentication using OAuth2. OpenId Connect is a set of defined process flows for “federated authentication”.

OAuth 2.0 Terminology:

Resource Owner:


Resource Server:

Authorization Server: