How OIDC Builds on OAuth2: A Simple Guide to Avoid Confusion

Introduction

I’m currently building an Identity Server at my company, and it needs to support not only the OAuth2 protocol, but also OpenID Connect (OIDC), so it can integrate smoothly with other applications. When I first started learning about OIDC, I was quite confused. At first, OAuth2 and OIDC looked very similar to me. They both involve authorization servers, clients, tokens, redirects, scopes, and many familiar endpoints. But after reading more specifications and implementing the protocol step by step, I realized the key difference:...

April 3, 2025 · 952 words · HSIAO, YI-HUSAN

4 OAuth2 Grant Types: Which One Should Developers Choose?

1. Introduction

Are you confused about the type of OAuth2 you should be using? Or do you not even know that there are several grant types in the OAuth2 protocol? Here’s a quick guide to help you understand the differences between them and determine which one you should use.

2. 4 Authorization Grant Types

Authorization Code Grant

The authorization code grant is the most common, secure, and recommended grant type. After the resource owner grants permission, the authorization server redirects them to a callback URL with an authorization code in the query string....

March 1, 2025 · 429 words · HSIAO, YI-HUSAN