Deep Dive into OIDC flows
- Track: Identity and Access Management
- Room: UA2.118 (Henriot)
- Day: Sunday
- Start: 10:05
- End: 10:35
- Video only: ua2118
Modern web applications rely heavily on authentication and authorization infrastructure. To address these needs, the OSS community has strongly endorsed open protocols such as OpenID Connect and OAuth2, built on top of JSON and REST. In turn, these protocols have been implemented in software products such as Keycloak or Lemonldap.
OpenID Connect and OAuth2 are authorization protocols, closely aligned with authentication, as provided by Identity Providers. They have been designed within various standardization bodies such as the OpenID Foundation or the Internet Engineering Task Force. Understanding these standards is demanding, but necessary in order to implement feature-rich solutions and to understand the various options offered to implementers.
This talk will therefore discuss OIDC and OAuth in detail: the various flows that exist to obtain access tokens for standard web apps as well as for single-page applications, and the various features that exist to support the needs of mobile devices, in order to address real-world use cases.
Speakers
Milan Jakobi