Oauth2 for authorization and authentication?

Question

Oauth2 for authorization and authentication?

Can Oauth2 be used for authorization and authentication?

As I understand it, Oauth2 allows a consumer application to access user information from providers (e.g. Facebook, Google, Twitter, etc.).

But can Oauth2 be used to authenticate a user? For example, suppose we have an application consisting of native mobile interfaces and a backend api - can Oauth2 be used to authenticate and support authentication over authorization from providers such as Facebook, Google, Twitter, etc.

If so, how? For example, do we save the authentication token and use it as a session token? Or is OpenId Connect necessary to authenticate users to a "consumer" application through third-party providers?

+2

django oauth-2.0 google-oauth openid-connect

Ari Mar 10 '15 at 17:01

source share

1 answer

Hans Z. · Accepted Answer · 2015-03-10T18:53:22+0000

OAuth 2.0, in its specification conforming to the specification, cannot be used to authenticate users. Having said that, you can develop an OAuth 2.0 extension that will authenticate the user. Some suppliers, for example. Facebook did just that.

OAuth 2.0, , OpenID Connect. OpenID Connect , . OpenID Connect - JWT, id_token. id_token .

OAuth 2.0 . http://oauth.net/articles/authentication/

Oauth2 for authorization and authentication?

More articles: