Last year searching a bit about authentication in API's REST
I heard about OAuth
and saw many recommendations regarding it. I read a bit about it, I liked it and I started to use it with ASP.NET Web API 2
.
Now I've only recently heard about Open ID Connect
that I understand extends OAuth 2
, that is, it's an OAuth 2 superset. But I've always heard that Open ID
was something totally different.
In this way, what are the actual differences between Open ID Connect
and OAuth
? How do Open ID Connect
extend OAuth
and what are the advantages / disadvantages of each of them?