Get a brief introduction to OAuth2 and web server flow.

We'll cover the following


Not everything can be simply divided into groups. OAuth2 and OpenID Connect are two examples of this in the world of authentication.

OAuth2 is an open standard for authorization. In that respect, it can be compared to a realm on the application runtime we already know, but it is more than that. Not only does it keep and validate the credentials of the user, it also accepts input for them.

OAuth2 defines how an application can access data or information stored in a system, such as Google Calendar events. The OAuth2 standard gives the end user the control over which applications can access their data and how they can use it. For example, data may be read-only for some applications, while others may be allowed to make changes.

The OpenID Connect specification, which we cover in the lesson “OpenId Connect,” goes further. It allows the application to identify the user and their permissions based on an external system, the OpenId Connect Provider. Think of it as outsourcing your authentication to a third party.

The following diagram shows what is happening behind the scenes:

Get hands-on with 1200+ tech skills courses.