Difference between OpenID connect and oAuth2 from an oAuth client perspective

Okay, I understand that OpenID Connect is about authentication and oAuth2.0 is about authorization and OpenID Connect is built on top of oAuth2.0. I also understand the difference between these two terms.

I am creating a web app which is also an oAuth2.0 client. A user first needs to sign in to Google in order to use my app. After I receive access_token I query google api and get all the necessary info about a user. Google uses OpenID protocol.

AFAIK Facebook uses just oAuth2.0. But the flow is basically the same as it is with Google. So what is the difference here?

user1745356 asked Oct 27 '25 06:10

1 Answer

The difference is that OpenID Connect standardizes the so-called userinfo endpoint and the claims that are returned from that endpoint. Facebook uses a proprietary endpoint and claims set, therefore Facebook does not conform to OpenID Connect even though both provide a similar login mechanism. Since they both are built on top of OAuth 2.0, Facebook is an OAuth 2.0 protocol with a custom extension and OpenID Connect is an OAuth 2.0 with a standardized extension (or: profile).

Hans Z. answered Oct 30 '25 09:10
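To make the answer's point concrete from the client's side, here is an added example (not code from the question, the answer, Google or Facebook) that normalizes two constructed userinfo-style responses into one internal identity record. The OpenID Connect response uses only claim names defined by the OIDC Core specification (`sub`, `name`, `given_name`, `family_name`, `email`, `email_verified`, `picture`), so one generic parser serves any conforming provider; the Facebook response uses Facebook's own Graph API field names (`id`, `name`, `email`), so it needs provider-specific code. Both sample payloads are constructed and the Facebook field list is assumed from its `/me?fields=id,name,email` shape, not captured from a live call.

```python
import json

# Constructed sample OIDC userinfo response (claim names come from the OIDC spec).
OIDC_USERINFO = json.dumps({
    "sub": "110248495921238986420",
    "name": "Jane Doe",
    "given_name": "Jane",
    "family_name": "Doe",
    "email": "jane@example.com",
    "email_verified": True,
    "picture": "https://example.invalid/photo.jpg",
    "hd": "example.com",  # provider-specific extra claim; ignored by the generic parser
})

# Constructed sample Facebook Graph API /me?fields=id,name,email response
# (proprietary field names; no standardized verification claim).
FACEBOOK_ME = json.dumps({
    "id": "10150000000001",
    "name": "Jane Doe",
    "email": "jane@example.com",
})

# Standard OIDC claims this client is willing to copy into its own record.
OIDC_STANDARD_CLAIMS = {
    "sub", "name", "given_name", "family_name", "email", "email_verified", "picture",
}


def normalize_oidc(raw_json):
    """Parse a conforming OIDC userinfo response into the app's identity record."""
    data = json.loads(raw_json)
    # "sub" is the only claim the spec requires; it is the stable, provider-scoped
    # identifier and the only safe key for linking an account.
    if not isinstance(data.get("sub"), str) or not data["sub"]:
        raise ValueError("userinfo response lacks a usable 'sub' claim")
    claims = {k: v for k, v in data.items() if k in OIDC_STANDARD_CLAIMS}
    # Only trust the address when the provider explicitly asserts it is verified.
    email = claims.get("email") if claims.get("email_verified") is True else None
    return {
        "provider": "oidc",
        "account_key": "oidc:" + claims["sub"],
        "display_name": claims.get("name"),
        "email": email,
        "email_verified": claims.get("email_verified") is True,
    }


def normalize_facebook(raw_json):
    """Parse Facebook's proprietary /me response into the same identity record."""
    data = json.loads(raw_json)
    # Facebook's stable identifier is "id", not "sub", so a generic OIDC parser
    # cannot be reused here; field names are an assumption about the Graph API.
    if not isinstance(data.get("id"), str) or not data["id"]:
        raise ValueError("/me response lacks a usable 'id' field")
    # No standardized email_verified field exists, so the app records the address
    # as unverified rather than assuming anything about Facebook's semantics.
    return {
        "provider": "facebook",
        "account_key": "facebook:" + data["id"],
        "display_name": data.get("name"),
        "email": data.get("email"),
        "email_verified": False,
    }


def normalize(provider, raw_json):
    """Dispatch on provider: OIDC-conforming providers share one code path."""
    parsers = {"oidc": normalize_oidc, "facebook": normalize_facebook}
    try:
        return parsers[provider](raw_json)
    except KeyError:
        raise ValueError("unknown provider: " + provider)


if __name__ == "__main__":
    print(normalize("oidc", OIDC_USERINFO))
    print(normalize("facebook", FACEBOOK_ME))
```

The practical consequence for a client: once the userinfo endpoint and claims are standardized, the same parser handles every OIDC-conforming provider, and the app keys accounts on `provider + sub` rather than on an email address that a second provider might also report.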