OpenID Connect (OIDC), OAuth 2.0, and SAML are three widely used protocols for authentication and authorization, but they serve different purposes.

1. OAuth 2.0: Authorization

  • Purpose: OAuth 2.0 is an authorization framework. It allows third-party applications to access a user’s resources on another service (such as Google or Facebook) without exposing the user’s credentials to the application.
  • Focus: Authorization (access control).
  • Use case: A user grants an app access to their Google Drive files without sharing their password.
  • Example: Login via Google on a website, allowing the website to access your profile or files.

2. OpenID Connect (OIDC): Authentication (Built on OAuth)

  • Purpose: OIDC is an authentication layer built on top of OAuth 2.0. It verifies the user’s identity and lets the application fetch profile information.
  • Focus: Authentication (who the user is) + Authorization.
  • Use case: A website uses Google OIDC to authenticate the user and obtain basic profile information like name and email.
  • Example: Logging in with Google and retrieving the user’s identity for authentication.

3. SAML (Security Assertion Markup Language): Authentication & Single Sign-On (SSO)

  • Purpose: SAML is primarily used for Single Sign-On (SSO) and authentication in enterprise environments. It allows exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP).
  • Focus: Authentication and authorization, with a strong focus on enterprise-level SSO.
  • Use case: Employees of a company use a single set of credentials to log in to multiple internal apps through SAML SSO.
  • Example: Logging into multiple corporate apps using one set of credentials through a central SSO portal.

Key Differences:

  • OAuth 2.0: Focuses on delegating authorization (e.g., accessing resources on behalf of the user).
  • OIDC: Adds authentication on top of OAuth, allowing verification of the user’s identity and fetching their profile.
  • SAML: Provides both authentication and authorization, but is XML-based and used mainly in enterprise environments for Single Sign-On (SSO).

Summary:

  • OAuth 2.0: Authorization protocol, grants access to resources.
  • OIDC: Authentication + Authorization, built on OAuth for identity management.
  • SAML: Authentication + SSO, used in enterprise settings with XML-based communication.

I’m Iman

My name is Iman Dabbaghi. I work as a Senior Software Engineer in Switzerland. I am also very interested in nonviolent communication, Bachata dancing and music, as well as personal development.

I hold a master’s degree in computer science from the University of Freiburg in Germany, am a Spring/Java Certified Professional (OCP) and Certified Professional for Software Architecture (CPSA-F), and am a lifelong learner 🎓.