An Identity Layer for your APIs
What is the difference between OAuth 2 and OpenID Connect?
If you have read the OAuth 2 Book, you already know a lot about OAuth. The OAuth standard ensures that there is no unintended leakage of information about the resource owner to the client. For example, it is ensured that the client does not get hold of the resource owner’s credentials. The OAuth standard ensures the privacy of the resource owner. However, there are cases, where the client should have the possibility to get access to specific profile information of the resource owner.
The profile information about the resource owner is made accessible via APIs with a RESTful interface. OpenID Connect standardizes how such interfaces look like and how the data is structured and organized. OpenID Connect extends the authorization code flow, introduces new tokens and standardizes some endpoints. OpenID Connect is a solution that can be applied in many environments, on many devices and with many different products.
The API-University Series is a modular series of books on API-related topics. Each book focuses on a particular API topic, so you can select the topics within APIs, which are relevant for you.
Keywords: OpenID Connect, REST, API, JWT, Token, Identity, OAuth
Available December 2017.
Get a Discount Code Now:
Get the Book
Title: OpenID Connect – Identity Layer for your APIs