Hi All - Use link below for my popular courses on Authentication
www.mudraservices.com/udemycoupon.html?course=oauth
www.mudraservices.com/udemycoupon.html?course=advo
www.mudraservices.com/udemycoupon.html?course=saml
For more of my courses, check out - www.mudraservices.com
Thank you. It really helped my understanding of OAuth & OIDC.
Glad it was helpful!
Very well explained - one of the best videos on UA-cam for ease of understanding - subscribed!
Excellent video! A couple of suggestions - (1) In the middle there, you started talking about Google/Apple authentication, and then went back and drew the picture for LinkedIn and FB. I suggest fixing that, because it breaks the flow. (2) Towards the end, when you were talking about enterprise apps, you had said the apps may be interested in access tokens as well - I was unclear on where the LMS is getting the access tokens from when talking to Google / Apple.
Thanks! Nice explanation for use cases of OAuth and OpenID connect.
Glad it was helpful!
Wonderful explanation
Glad you liked it
Thank you.
You're welcome!
I am a bit confused with your explanation here. Consider the example where the user is using Apple credentials to log in to the LMS but at the same time wants to publish on its LinkedIn app. Would he not again be presented with the login page of the LinkedIn app, and hence should it not also be a case of OpenID Connect and not OAuth alone?
You touched on the critical difference between OIDC and OAuth. The user will have to log into LinkedIn App but that would not be OIDC. The intent of the LinkedIn credentials screen is NOT to log into LMS but just to get an access token to call the LinkedIn API. No "openid" scope is required here. So LinkedIn interaction is pure OAuth.
The Apple credentials screen is explicitly to log into the LMS. It's pure OIDC because the "openid" scope is required to get user info. The LMS will not call any of the Apple APIs.
@viraj_shetty Thanks for your response. Yeah, the explanation was present in the later section of the video. I believe the key differentiating factor here is the intent of the LMS: if it uses the user info then that use case qualifies under OIDC, otherwise just having an access token to call underlying APIs would qualify as OAuth.
Please let me know if my understanding is correct. Looking forward to taking up your Udemy course.
Correct. That's the key where you need the user information.
My two courses (especially the Advanced OpenID Connect one) give elaborate examples of the differences and how to do it in Spring Boot.
For example, an Application can allow a user to log in using OIDC but could interact with multiple other Auth servers using OAuth - all in the same user session.
@viraj_shetty Will surely look forward to it.
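The exchange above turns on one thing: the "openid" scope asks the provider for an identity assertion (an id_token), and the relying party only logs the user in after verifying it; a plain OAuth authorization yields an access token for API calls and establishes no identity at all. The following is an added example, not code from the video, the commenters, or any course, written in Python with the standard library only. The provider endpoints, client id, scope name "post:write", shared secret and token values are all constructed for the demo; real providers such as Apple or Google sign id_tokens with RS256 and publish keys via a JWKS document, so the HS256 shared-secret check here stands in for that step only so the verification logic can run offline.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def flow_kind(scopes):
    """OIDC is OAuth plus the 'openid' scope; that scope is the request for an id_token."""
    return "oidc" if "openid" in scopes else "oauth"


def build_authorization_url(provider, scopes, state, nonce=None):
    """Authorization request for either flow. 'state' protects against CSRF in both;
    'nonce' is added only for OIDC, so the id_token can be bound to this login attempt."""
    params = {
        "response_type": "code",
        "client_id": provider["client_id"],
        "redirect_uri": provider["redirect_uri"],
        "scope": " ".join(scopes),
        "state": state,
    }
    if flow_kind(scopes) == "oidc":
        if not nonce:
            raise ValueError("an OIDC request needs a nonce to bind the id_token to this login")
        params["nonce"] = nonce
    return f"{provider['authorize_url']}?{urlencode(params)}"


def verify_id_token(id_token, key, issuer, audience, nonce, now=None):
    """Check signature, issuer, audience, expiry and nonce, then return the claims.
    Every failure raises: an unverified id_token must never create a login session."""
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # demo algorithm; production would pin RS256 + JWKS key
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("id_token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims


def handle_token_response(scopes, token_response, provider, key, nonce=None, now=None):
    """OIDC: a login session comes from the verified id_token's 'sub'.
    OAuth: only the access token is kept, for calling the provider's API; no identity."""
    result = {"kind": flow_kind(scopes), "access_token": token_response["access_token"], "subject": None}
    if result["kind"] == "oidc":
        claims = verify_id_token(token_response["id_token"], key,
                                 provider["issuer"], provider["client_id"], nonce, now)
        result["subject"] = claims["sub"]
    return result


def make_demo_id_token(key, claims):
    """Constructed id_token for the demo; in reality the provider mints this."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


# Constructed providers: one used to log into the LMS (OIDC), one only for posting (OAuth).
LOGIN_IDP = {"authorize_url": "https://login-idp.example/authorize", "issuer": "https://login-idp.example",
             "client_id": "lms-web", "redirect_uri": "https://lms.example/cb"}
SOCIAL_API = {"authorize_url": "https://social.example/oauth/authorize",
              "client_id": "lms-web", "redirect_uri": "https://lms.example/cb"}
DEMO_KEY = b"demo-shared-secret"


def demo(now=1_700_000_000, nonce="n-123"):
    login_url = build_authorization_url(LOGIN_IDP, ["openid", "email"], "state-1", nonce)
    post_url = build_authorization_url(SOCIAL_API, ["post:write"], "state-2")
    id_token = make_demo_id_token(DEMO_KEY, {"iss": LOGIN_IDP["issuer"], "aud": "lms-web",
                                             "sub": "user-42", "exp": now + 600, "nonce": nonce})
    login = handle_token_response(["openid", "email"], {"access_token": "at-1", "id_token": id_token},
                                  LOGIN_IDP, DEMO_KEY, nonce, now)
    post = handle_token_response(["post:write"], {"access_token": "at-2"}, SOCIAL_API, DEMO_KEY)
    return login, post, login_url, post_url


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Running `demo()` shows the same client talking to two authorization servers in one session: the login response yields a verified subject, while the posting response yields only a bearer token and leaves `subject` empty, which is exactly why the LinkedIn-style screen in the thread is "pure OAuth" even though the user sees a credentials prompt.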
Is this what you would call a 'federated' identity authorization system?
Federated Identity simply means that the same set of credentials is used to authenticate to many applications. In enterprise apps, the credentials are stored in AD, for example. Auth servers help with federation because they essentially enable Single Sign-On.
With your explanation, it seems the "login with Google or Facebook" option on websites is using OpenID Connect. Am I correct?
Correct 👍🏼
It would have been much easier to understand if you had created two separate diagrams to explain each of them one by one, rather than assuming what happens if Microsoft also does the and explaining multiple concepts using a single diagram.
Thanks for the feedback