I understand that OpenID Connect is a layer built on top of OAuth 2.0 for authentication. OAuth 2.0 basically addresses authorization, whereas OpenID Connect builds an authentication framework on top of OAuth 2.0 (via an explicit ID_token). But I am a bit confused about the difference between the OAuth 2.0 password grant type (I am not asking about other grant types, please note) and OpenID Connect. Can anyone please explain it? Is there any difference in the use cases? Thanks in advance.
See this question: [What's the difference between OpenID and OAuth?](https://stackoverflow.com/questions/1087031/whats-the-difference-between-openid-and-oauth?rq=1) – Tore Nestenius Nov 15 '20 at 11:06
That is not what I asked. The exact difference between an OAuth grant type (password grant) and OpenID is what I am looking for. I understand the difference between OAuth and OpenID. Thanks. – SRaj Nov 15 '20 at 15:49
1 Answer
This quote is from here, and it may help you:
As we know, Authorization Code Grant and Implicit Grant are typical 3-legged flows including interaction between a client, an authorization server, and a user. While the Resource Owner Password Credential Grant and Client Credential Grant are 2-legged which means the client uses pre-authorized scopes so that no interaction with the user is necessary, removing the need to perform one of the legs in the typical flow.

Avi Siboni
The password grant uses the two-legged flow and gets the access token only. I guess there is no ID_token. In OpenID Connect, the ID_token is a must. Is that the difference? – SRaj Nov 15 '20 at 15:56
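The request shapes behind the 2-legged versus 3-legged distinction quoted in the answer, as an added example that is not part of the original thread. Parameter names follow RFC 6749 and OpenID Connect Core; the endpoints, client id, credentials and function names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder endpoints (assumptions, not a real provider).
AUTHZ_ENDPOINT = "https://as.example/authorize"
TOKEN_ENDPOINT = "https://as.example/token"

def password_grant_request(client_id, username, password, scope="api.read"):
    """2-legged: the client collects the password itself and makes a single
    back-channel POST to the token endpoint (RFC 6749 section 4.3)."""
    return {"url": TOKEN_ENDPOINT,
            "body": {"grant_type": "password", "client_id": client_id,
                     "username": username, "password": password,
                     "scope": scope}}

def oidc_authorization_request(client_id, redirect_uri, scope="openid profile"):
    """Leg 1 of the 3-legged flow: the user is redirected to the authorization
    server and logs in there, so the client never handles the password."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_uri, "scope": scope,
             "state": state, "nonce": nonce}
    return {"url": AUTHZ_ENDPOINT + "?" + urlencode(query),
            "state": state, "nonce": nonce}

def handle_callback(expected_state, callback_url):
    """Leg 2: the browser returns with a code; reject a mismatched state."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback does not belong to this login")
    return params["code"][0]

def code_exchange_request(client_id, redirect_uri, code):
    """Leg 3: back-channel exchange; because 'openid' was requested, the
    token response carries an id_token next to the access token."""
    return {"url": TOKEN_ENDPOINT,
            "body": {"grant_type": "authorization_code", "code": code,
                     "client_id": client_id, "redirect_uri": redirect_uri}}

if __name__ == "__main__":
    print(password_grant_request("demo-client", "alice", "constructed-password"))
    authz = oidc_authorization_request("demo-client", "https://client.example/cb")
    print(authz["url"])
    cb = "https://client.example/cb?code=constructed-code&state=" + authz["state"]
    code = handle_callback(authz["state"], cb)
    print(code_exchange_request("demo-client", "https://client.example/cb", code))
```
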