
One thing I wish I had learnt early on when I started looking into authentication is that OIDC (ideally with SSO through Google or GitHub) is the protocol/real-world implementation most developers will want to just be able to get started with, whereas OAuth2 is more like the (boring) specification.

If you're wondering what to use to get authentication working (and not doing something risky), 90% of the time the answer will be OIDC.



OAuth2 is more general than OIDC, came first, and was intended to solve a smaller problem (delegated access to resources). OIDC is identity (rather than permission) implemented on top of OAuth2.



