
I am confused about OAuth2 and OpenID Connect. I know that OAuth2 is for authorization and OIDC is for authentication, but OAuth2 provides an access token to access protected resources and OIDC provides identity resources like id, profile (claims).
My question: if I used OAuth only, without OIDC, got an access token and then tried to decrypt it, can't I find claims?

Thanks to all.

2 Answers


  1. OAuth 2.0 is primarily focused on authorization, while OIDC adds an authentication layer on top of OAuth 2.0, providing identity information about the user. JWTs are commonly used as access tokens in OAuth 2.0, but the choice of token format depends on the implementation.

  2. If you only use OAuth 2.0 without OpenID Connect, the access token you receive is typically focused on providing access to secure resources and may not contain user identity information. An access token is intended to present a resource server with access to specific resources on behalf of the user, but it does not include a claim about the user’s identity.

    In contrast, OpenID Connect introduces the concept of ID tokens, i.e. JWTs (JSON Web Tokens) containing information about the authenticated user. These ID tokens include claims such as the user’s unique identifier (sub), their name (name), and other relevant information depending on the scope of authentication.

    If you’re looking for user identity information, especially in the form of claims, using OpenID Connect is a simpler and more standardized approach in comparison.

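As an added illustration (not code from either answer), this Python sketch inspects what a token holder can actually read from an access token compared with an ID token, covering the three shapes a token can take: a signed JWT, an encrypted JWE, and an opaque reference string. The issuer, client, user values and all three tokens are constructed samples, and it assumes an authorization server that issues JWT access tokens carrying `sub` but no profile claims, which varies by implementation.

```python
import base64
import json

# Claims that identify or describe the end user (subset of the OIDC standard claims).
IDENTITY_CLAIMS = {"sub", "name", "preferred_username", "email", "email_verified"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_jwt(claims: dict) -> str:
    """Build a constructed, JWS-shaped token; the signature part is a dummy."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url(b'constructed-signature')}"

def inspect_token(token: str) -> dict:
    """Report what a token holder can read. No signature check: inspection only,
    never a basis for an access decision."""
    opaque = {"format": "opaque", "claims": None, "identity_claims": []}
    parts = token.split(".")
    if len(parts) == 5:  # JWE compact form: payload is encrypted for the recipient
        return {"format": "JWE (encrypted)", "claims": None, "identity_claims": []}
    if len(parts) != 3:
        return opaque
    try:
        seg = parts[1]
        claims = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON: not a readable JWT
        return opaque
    if not isinstance(claims, dict):
        return opaque
    found = sorted(IDENTITY_CLAIMS & claims.keys())
    return {"format": "JWT (signed)", "claims": claims, "identity_claims": found}

# Constructed sample tokens (all values hypothetical).
ACCESS_TOKEN = make_sample_jwt({"iss": "https://as.example", "sub": "user-123",
    "aud": "https://api.example", "scope": "orders:read", "exp": 1900000000})
ID_TOKEN = make_sample_jwt({"iss": "https://as.example", "sub": "user-123",
    "aud": "client-abc", "name": "Alice Example", "email": "alice@example.com",
    "exp": 1900000000, "iat": 1899996400})
OPAQUE_TOKEN = "Zk3p9QxT7aLm2VbR"  # reference token: meaningful only to the issuer

if __name__ == "__main__":
    for label, tok in [("access", ACCESS_TOKEN), ("id", ID_TOKEN), ("opaque", OPAQUE_TOKEN)]:
        result = inspect_token(tok)
        print(label, result["format"], result["identity_claims"])
```

Note the `aud` values: the sample access token is addressed to the API and the ID token to the client, so a client that needs to know who logged in should read the ID token rather than parse an access token meant for the resource server.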