Last Monday, I taught a 2-hour live online training offering an introduction to OAuth 2.0 and OpenID Connect. The recording is freely available on my website, so I hope this can help you better understand these technologies.
All info available here: https://pragmaticwebsecurity.com/courses/introduction-oauth-oidc.html
Everyone who first learns about OAuth 2.0 and OpenID Connect is confused. There are dozens of specifications with uncommon terminology and hard-to-understand scenarios. Eventually, you will have a working implementation, but questions remain. Why use the complicated redirect, instead of just a custom login form? Is this the right flow for my application? Where do I store tokens, and how can I protect them?
This session helps you clear up the confusion surrounding OAuth 2.0 and OpenID Connect. You will learn about the purpose of these technologies and their concrete use cases. Using examples, we explore current best-practice recommendations for using OAuth 2.0 and OpenID Connect. Throughout this session, we also identify which recommendations are likely to become part of the upcoming OAuth 2.1. At the end of this session, you will understand how and where to use OAuth 2.0 and OpenID Connect.