Did I get it right? OAuth2, OpenID and OpenID Connect

Çağlar Arlı

After a lot of research about authentication and authorization, I reached the following, but I'm not sure if what I reached is correct, so please help me out:

Authentication is who you are. Authorization is what you can do!

  • OAuth is for Authorization
  • OpenID is for Authentication
  • BUT you can use OpenID Connect which is an extra layer on top of OAuth2 to achieve an Authorization with a pseudo Authentication (we assume that if this person has rights to do this then they are the right person)

So using OpenID Connect is not the best thing to do since it's not an actual Authentication, but then I searched some more for the best ways to Authenticate and I didn't find anything but HTTP Basic (with SSL to get rid of man-in-the-middle attacks) or API Keys, which both aren't that secure technically.

I'm kind of lost as to whether I actually understood these concepts correctly and what I should actually use.