Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Google Authentication : OAuth2.0 Vs OpenID Connect

Tags:

openid-connect

oauth-2.0

google-oauth

google-authentication

I am evaluating the possible options provided by Google for adding google signin in my web application. The possible options as i see are

  1. Google+ Signin
  2. OAuth2.0
  3. OpenID Connect ( OAuth2.0 for Login )

I didnt go with 1st one as it limits the API calls i can make in a day to 10000

Out of 2 & 3, i am inclined to go for 3rd. I dont really need API authorization and i am not concerned about access token expiration in my case. Once i receive user profile from Google, my web app will manage its own session of the user and does not need to query Google for any other data related to the user. And as per Google documentation, #3 allows me to customize User consent screen, while 1 & 2 dont.

Any comments on my comparison between 2 & 3 ?

like image 855
snegi Avatar asked Jan 13 '15 06:01

snegi

People also ask

What is the difference between OAuth 2.0 and OpenID Connect?

OAuth 2.0 is designed only for authorization, for granting access to data and features from one application to another. OpenID Connect (OIDC) is a thin layer that sits on top of OAuth 2.0 that adds login and profile information about the person who is logged in.

Does OpenID use oauth2?

OpenID Connect is built on the OAuth 2.0 protocol and uses an additional JSON Web Token (JWT), called an ID token, to standardize areas that OAuth 2.0 leaves up to choice, such as scopes and endpoint discovery.

Is OpenID Connect dead?

Is OpenID Dead? Yes, OpenID is an obsolete standard that is no longer supported by the OpenID Foundation.

Is Google OpenID Connect?

Google's OAuth 2.0 APIs can be used for both authentication and authorization. This document describes our OAuth 2.0 implementation for authentication, which conforms to the OpenID Connect specification, and is OpenID Certified.

1 Answers

In fact 2. is comprised of a Google specific usage/extension of OAuth 2.0 to establish user identity on top of the authorization provided by core OAuth 2.0. Using 2. you would have to ensure that you only receive the access token in a code flow and you would have to perform a Google specific introspection call to find out who the user is, where the user's identity is returned in Google specific claims.

On the other hand,3. is a standardized way to login users through a 3rd-party provider so it is a future safe choice for which you'll find more support in libraries/sdk's (well at least in the near future).

like image 196
Hans Z. Avatar answered Sep 22 '22 10:09

Hans Z.
Sign in to Comment

Related questions

How does OAuth2.0 security works in Mobile APPs ? What happens if client_id gets compromised?
Postman Client Credentials Flow with Azure AD protected ressource
Microsoft graph API access tokens lifetime
Azure AD Bearer Token For Multiple WebApi Endpoints?
How to implement "Login with LinkedIn" with "OAuth 2.0" in Android
Android: Verify device google account name on server
Unable to get token using Google APIs [google-oauth-java-client-1.12.0-beta] for service account flow
OAuth: Starting a Google Compute Instance from within Google App Engine
Keep getting Error: redirect_uri_mismatch using youtube api v3
Web API Return OAuth Token as XML
chrome.identity.launchWebAuthFlow logout/switch user
How to use the token returned by GoogleAuthUtil.getToken with my App Engine backend
Using Google API's for one's own account without OAuth
What OpenID Connect adds to OAuth 2.0 (why is OAuth 2.0 not sufficient for authentication?)
Spring Boot + OAuth + JWT + MySQL refresh token not working for second time
Is it OK to pass on OAuth Access Token between services?
Google API Python - KeyError: _module
What is the point in sending client_id and client_secret in SPAs to auth server?
GoogleOAuth2AuthenticationOptions setting access_type as offline
Do I need Oauth2 For my Web Apps API

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!