wonderful world

Reputation: 11599

Azure AD B2C Open ID Connectivity Vs OAuth 2.0

On this Microsoft documentation on Azure AD B2C, I read

OpenID Connect is recommended if you're building a web application that's hosted on a server and accessed through a browser. If you want to add identity management to your mobile or desktop applications using Azure AD B2C, you should use OAuth 2.0 rather than OpenID Connect.

What are the roles of OpenID Connect and OAuth 2.0 in Azure AD B2C, and what features do they separately support?

Upvotes: 3

Views: 1677

Answers (1)

Regfor

Reputation: 8091

The question is not quite correct. On the same page you can read

OpenID Connect extends the OAuth 2.0 authorization protocol for use as an authentication protocol. This authentication protocol allows you to perform single sign-on. It introduces the concept of an ID token, which allows the client to verify the identity of the user and obtain basic profile information about the user.

OpenID Connect (OIDC) is an extension or superset standard/RFC for OAuth 2.0. Both protocols define authentication flows; while OAuth2 is a bit generic, a general framework that gives a lot of freedom of choice, OIDC specifies important aspects in detail. OIDC adds an id_token in JWT format in addition to the access token, flows like the Hybrid flow, token introspection endpoints etc. to OAuth2.

Usually OAuth2 comes together with OIDC. If you want to know the difference in detail, there are RFCs for OIDC and OAuth2.

So your question is about protocol differences; you can find a lot of information in addition to the RFCs. Here is an IMO good article link.

In short:

OAuth2

  • access token use specified, but not its format
  • Authorization Code Grant
  • Implicit Grant
  • Resource Owner Password Credential Grant
  • Client Credential Grant

OIDC

  • extension of access token by id_token use; id_token in JWT format
  • token endpoints, self issued token, offline access
  • Authorization Code Flow (extension to Authorization Code Grant)
  • Implicit Flow (extension of Authorization Code Grant)
  • Hybrid Flow

B2C is focused on use from the client application side, from consumer applications. When you create an IdP provider, Azure B2C supports already existing social providers (Facebook, Microsoft etc.), which in fact are OIDC with proprietary extensions, or a custom OIDC IdP provider. In terms of API and authentication flows, as is very typical for any IdP provider, it supports both, so you can use the HTTP API for OAuth2 or OIDC, and OIDC is recommended.

Upvotes: 3
