What's the difference between OpenID and OAuth?

authentication oauth openid
Micah picture Micah · Jul 6, 2009 · Viewed 268.4k times · Source

I'm really trying to understand the difference between OpenID and OAuth? Maybe they're two totally separate things?

Answer

adrianbanks picture adrianbanks · Jul 6, 2009

OpenID is about authentication (ie. proving who you are), OAuth is about authorisation (ie. to grant access to functionality/data/etc.. without having to deal with the original authentication).

OAuth could be used in external partner sites to allow access to protected data without them having to re-authenticate a user.

The blog post "OpenID versus OAuth from the user’s perspective" has a simple comparison of the two from the user's perspective and "OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing" has more information about it.

Related questions

Authentication for REST web services

I'm starting to design a REST web service, and am unclear on the best approach to authentication. The service will allow individual users to access/manage their own data, so some type of user authentication is required. I've been looking …

Read More
OpenID vs. OAuth

Possible Duplicate: What's the difference between OpenID and OAuth? What is really the difference between OpenID and oAuth? They look just the same to me. I should clarify, I'm planning to use them in drupal, if that makes any difference. …

Read More
What are the main differences between JWT and OAuth authentication?

I have a new SPA with a stateless authentication model using JWT. I am often asked to refer OAuth for authentication flows like asking me to send 'Bearer tokens' for every request instead of a simple token header but I …

Read More