Modern web applications strongly rely on Authentication/Authorization infrastructures. To address these needs, the OSS community has strongly endorsed open protocols such as OpenIdConnect and OAuth2, on top of JSON and REST. In turn, these protocols have been implemented in software products such as Keycloak, WSO2 or Lemonldap.

OpenIdConnect and OAuth2 are authorization protocols, closely aligned with authentication, as provided by Identity Providers. They have been designed within various standardization bodies such as the OpenId foundation or the Internet Engineering Task Force. Understanding these standards is demanding, but needed in order to implement feature-rich solutions, to understand the various options offered to implementers.

This talk will therefore discuss in details OIDC and OAuth : the various flows that exist in order to obtain access tokens for standard clients, and some advanced features enabled by these protocols.