Appendix B. OAuth 2.0 authorization and OpenID Connect authentication
B.1 Authorization vs. authentication
Authorization is the process of giving a user (a person or system) permission to access a specific resource or function. Authentication is the verification of a user's identity. OAuth 2.0 is a common authorization algorithm. (The OAuth 1.0 protocol was published in April 2010, while OAuth 2.0 was published in October 2012.) OpenID Connect is an extension to OAuth 2.0 for authentication. Authentication and authorization/access control are typical security requirements of a service. OAuth 2.0 and OpenID Connect may be briefly discussed in an interview regarding authorization and authentication.
A common misconception online is the idea of “login ...