search

Use OAuth 2.0 and OpenID Connect As Protocols for Authentication and Authorization

  • Status: accepted

  • Date: 2020-06-02

hashtag
Context and Problem Statement

What protocol(s) shall we use as the new standard for authentication and authorization. It would be supported by our new centralized authority server and should be implemented in all new clients and resource systems needing authentication or authorization. A requirement might be made that the authority service need to support other protocols for legacy systems but all new systems should be encourage to use the same protocol.

hashtag
Decision Drivers

  • Secure

  • Well defined and well reviewed standard

  • Easy to implement by client and resource systems

  • Support for non web client systems i.e. mobile devices

hashtag
Considered Options

  • OAuth 2.0 + OpenID Connect

  • SAML 2.0

hashtag
Decision Outcome

Chosen option: "OAuth 2.0 + OpenID Connect", because it is secure and well examined and and has support libraries for our tech stack.

hashtag
Pros and Cons of the Options

hashtag
OAuth 2.0 + OpenID Connect

  • Good, because the authentication protocal is designed specifically to work with the authorization protocol.

  • Good, because it supports non web clients i.e. native apps.

  • Good, because it has certified, open source libraries for relying parties for OpenID authentication that match our

    tech stack (javascript with typescript defenitions).

  • Bad, because it could require large tokens for authorization for multiple services, or split up tokens complicating

    the process.

hashtag
SAML 2.0

  • Good, because it is the currently used standard for legacy systems.

  • Bad, because it doesn't have good support for non web clients.

  • Bad, because main focus is on enterprise SSO, not centralized authorization.

PreviousViskuausan Static Site GeneratorNextUnified Naming Strategy for Files and Directories

Last updated

Was this helpful?