OAuth2 and OIDC

Categories: Programming

I’ve written the occasional OAuth2 client application over the years but never really understood what was going on with client IDs, secrets, grants, scopes, and so forth. However, I’m currently involved in a project to migrate a large IT system to OAuth2 and OpenID Connect, so it is clearly time to learn this stuff properly.

After some lengthy research, I have written an architectural introduction to OAuth2 and OpenID Connect, summarizing what I have learned (mainly for myself, but maybe you will find it helpful too). Warning: it is pretty long (17,000 words)!