jakubriedl | 7 years ago

This seems to me to be just a subset of what OpenID Connect is. OIDC is an addition to OAuth2 and supports everything mentioned:

- user identity: core user info endpoint

- discovery: https://openid.net/specs/openid-connect-discovery-1_0.html

- client registration: https://openid.net/specs/openid-connect-registration-1_0.htm...

And also other features which are important for more complex cases than just a simple "login using X" button.

hardwaresofton | 7 years ago

The battle between OAuth 1.0a, 2.0, and OIDC is really long and drawn out and doesn't seem to have a clear winner which I think is hurting everyone (though of course some companies are winning because they can support everything and offer that as value).

I sure do wish people would just standardize on OIDC...

woranl | 7 years ago

It's unfortunate. Big companies are pushing for OAuth 2.0 and trying to blindside people as if it is an upgrade to OAuth 1.0a. It is not. OAuth 1.0a provides authenticity, integrity, and non-repudiation. Something that OAuth 2.0 does not provide.

LoSboccacc | 7 years ago

Large providers will drag their feet kicking and screaming because the prominent 'login with facebook / google' links are both a selling point of their platform and monitoring opportunities for third-party users.

Boulth | 7 years ago

Google and Microsoft are two big companies supporting OIDC.

user5994461 | 7 years ago

OpenID Connect is a subset of the OAuth 2.0 spec. They come in a bundle.

detaro | 7 years ago

Does anything actually implement discovery? I looked at various OpenID Connect implementations a while back and nobody seemed to support it. It's a pretty big user-education problem if you can't just say "you can use OpenID Connect", but have to explain "you can use OpenID Connect, provided your provider supports Extensions X and Y, and they probably don't clearly document that they do, so please just try logging in here and see if it works".

dwaite | 7 years ago

Quite a few things implement discovery. Most IDPs advertise metadata, and many RP libraries consume it by default. IDPs even motivate them to consume it by rotating signing keys pretty often.

Not many things support dynamic client registration, which means the list of IDPs a site can use is pretty static.
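As an added example (not code from this thread), here is the RP-side consumption dwaite describes: read `jwks_uri` from the discovery document, check that the document's `issuer` is the one configured, cache signing keys by `kid`, and refetch on an unknown `kid` so a rotated key is picked up without restarting the RP. The provider, URLs and key material are constructed stand-ins; `fetch_json` is an injected substitute for an HTTP client so the block runs offline.

```python
import time

DISCOVERY_URL = "https://idp.example/.well-known/openid-configuration"  # constructed

class FakeProvider:
    """Constructed stand-in for the IdP: serves metadata and a JWKS that it rotates."""
    def __init__(self):
        self.calls = 0
        self.rotate("k1")
    def rotate(self, kid):  # publish one fresh signing key, retiring the previous one
        self.jwks = {"keys": [{"kty": "RSA", "kid": kid, "use": "sig", "e": "AQAB", "n": "<placeholder>"}]}
    def fetch_json(self, url):
        self.calls += 1
        if url == DISCOVERY_URL:
            return {"issuer": "https://idp.example", "jwks_uri": "https://idp.example/jwks"}
        if url == "https://idp.example/jwks":
            return self.jwks
        raise ValueError("unexpected URL " + url)

class JwksCache:
    """RP-side key cache: resolves a token's kid, refetching the JWKS on a miss."""
    def __init__(self, fetch_json, issuer, min_refetch_s=60, clock=time.monotonic):
        meta = fetch_json(DISCOVERY_URL)
        if meta.get("issuer") != issuer:  # the document must describe the issuer we configured
            raise ValueError("issuer mismatch: %r" % meta.get("issuer"))
        self.fetch_json, self.jwks_uri, self.clock = fetch_json, meta["jwks_uri"], clock
        self.min_refetch_s, self.keys, self.last_fetch = min_refetch_s, {}, None
    def _refresh(self):
        keys = self.fetch_json(self.jwks_uri)["keys"]
        self.keys = {k["kid"]: k for k in keys if k.get("use", "sig") == "sig"}
        self.last_fetch = self.clock()
    def get_key(self, kid):
        key = self.keys.get(kid)
        # Unknown kid: refetch, but rate-limited so a stream of bogus kids cannot
        # turn this RP into a load generator against the provider's JWKS endpoint.
        if key is None and (self.last_fetch is None or self.clock() - self.last_fetch >= self.min_refetch_s):
            self._refresh()
            key = self.keys.get(kid)
        return key

def demo():
    """Returns (k1 found, k2 found after rotation, bogus kid rejected, fetch count)."""
    idp, now = FakeProvider(), [1000.0]
    cache = JwksCache(idp.fetch_json, "https://idp.example", clock=lambda: now[0])
    first = cache.get_key("k1") is not None  # cold cache -> one JWKS fetch
    idp.rotate("k2")
    now[0] += 120
    second = cache.get_key("k2") is not None  # miss after 120 s -> refetch picks up k2
    bogus = cache.get_key("k3")  # miss within 60 s of last fetch -> no refetch, None
    return first, second, bogus is None, idp.calls
```

After the rotation a token still carrying `kid: k1` is also rejected, since the refreshed JWKS no longer lists it; that is the point of the provider rotating keys.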