OAuth 2.0 and OpenID Connect (In Plain English)

By Micah Silverman

Elevator Pitch

You’ve probably at least heard of the OAuth and OpenID Connect standards. It’s challenging to find a good overview of how they work. In this talk, Micah digs into these protocols in plain English, including a “Live Action OAuth Theater” segment in which volunteers act out a common OAuth interaction.

Description

Here’s the Live Action OAuth Theater segment of the talk (5 minutes).

If you’ve ever tried to search for information on OAuth and/or OpenID Connect, you’ve probably encountered deep-dive code examples or references to the specifications. The specifications are great if you’re building OAuth from scratch or suffer from insomnia. Many examples focus on code alone, rather than on concepts.

These types of resources are not useful for understanding the concepts, or the historical backdrop that explains why OAuth and OIDC exist.

In this talk we start with the foundations of federated and delegated authentication and authorization, work our way through the concepts and foundations of OAuth and OIDC, and end with some practical demonstrations of the standards in action.