OpenID Connect & OAuth - Demystifying Cloud Identity
Summary
Filip Hanik and Sree Tummidi talk about the OpenID Connect and OAuth 2 standards, the most popular authentication and authorization frameworks used in native cloud applications today. They share their experiences building the Cloud Foundry User Authentication and Account management project, a production-grade OAuth 2 authorization and resource server, as well as an OpenID Connect implementation.
Bio
Filip Hanik works as a Senior Staff Engineer at Pivotal. Sree Tummidi is the Product Manager for Identity & Access Management on Pivotal Cloud Foundry.
About the conference
SpringOne Platform brings together the people, process and tools for delivering and operating software services. Learn and share with the startups and enterprises leveraging modern Java with Spring, connecting all the pieces of the modern software puzzle, from developer, operator, architect and data scientist to executive.
Community comments
OAuth does not equal OpenID Connect
by Gluu Federation
What I see a lot is that people use OAuth2 clients, which work with OpenID Connect, but do not use the security features of OpenID Connect. Is this code verifying the nonce in the id_token? Does it follow all the recommendations in the OpenID Connect basic client implementers guide? Working code is great. But secure code is better. See www.gluu.co/oauth-saml-openid on OAuth v. SAML v. OpenID Connect for a deeper discussion. Also, consider using a client like oxd (oxd.gluu.org), which provides a secure implementation of OpenID Connect client calls, without some of the complexity required by a low-level OAuth client.