There is a lot of confusion about the different security protocols and frameworks like OpenID, SAML, OAuth, Okta, etc. In this tutorial we will discuss all of them.
OpenID Connect and SAML:
OpenID Connect and SAML are both protocols for authentication. Both deal with logins (authentication), i.e., Identity Management.
OpenID Connect sits on top of the OAuth 2.0 framework.
JWT:
JWT is created by a company called auth0 (pronounced “auth-zero”), which is now owned by another company called Okta. Okta and auth0 are still two different technologies. It provides both authentication and authorization to its customers.
Both these technologies provide IDaaS (ID as a service, i.e., both authentication and authorization) to their customers, where the Identity (authentication) and Access (authorization) have been moved from on-premise to the cloud. Earlier these two companies were direct competitors of each other.
JWT is an open industry standard, RFC 7519.
For more details you can visit the official site of JWT here.
Auth0 (Auth Zero):
It is a framework that controls both authentication and authorization. It is also the name of the company that owns it.
OAuth (Open Authorization):
It is a framework that controls authorization; it does not provide authentication. It allows third-party applications to log in to their system using credentials from other vendors like Facebook/Google/Twitter/GitHub. It uses tokens for access control instead of conventional passwords.
OAuth 1.0 was basically for browser-based applications. The access tokens were not short-lived and no refresh token facility was available. The sign-in process was complex.
OAuth 2.0 is a complete rewrite of OAuth 1.0 and it’s not backward compatible with OAuth 1.0. It can be used for both browser-based and non-browser-based applications. Access tokens are short-lived and a refresh token facility is also available. The sign-in process is quite simple.
Since OAuth 2.0 does not have an authentication protocol (it is only for Access Management), we have to take the help of OpenID Connect or SAML.
Implementing OpenID Connect along with OAuth 2.0 completes Identity & Access Management (IAM):
Okta:
Founded in 2009, it started with SAML but later moved to integrate other technologies like OAuth 2.0, OpenID, Kerberos.
So Okta offers several services, like Authentication, Authorization, SSO, MFA, etc.
So now the question is: which technology to use for the IAM of your applications? The answer is Okta, because it has Auth0 (for authentication), OAuth 2.0 (for authorization), OpenID, SAML, Kerberos… everything.
Okta has really become a big organization with a lot of big-shot clients.
If you want to see a demo of Okta OAuth 2.0 SSO using Spring Boot, here is the link: Okta OAuth 2.0 SSO with Springboot
Different Ways Of Password Management :
To manage passwords we can use three different ways: Encoding, Encrypting and Hashing.
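The following added example (not from the original post) contrasts two of the three techniques on a constructed sample password: encoding, which anyone can reverse with no key, and hashing, which is one-way, salted and deliberately slow (PBKDF2-HMAC-SHA256 from the Python standard library). Encrypting is the reversible-with-a-key option; it is left out of this block only because the standard library ships no cipher, and it is the wrong choice for stored login passwords anyway, since nothing needs to recover the plaintext. The iteration count is kept low for the demo and is an assumption, not a recommendation.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample password; the point is how each technique treats it.
SAMPLE_PASSWORD = "correct horse battery staple"
# Demo setting; production deployments tune this much higher (OWASP's current
# guidance for PBKDF2-HMAC-SHA256 is 600,000).
DEMO_ITERATIONS = 50_000


def encode_password(password: str) -> str:
    """Encoding (Base64): a reversible representation change, no key, no secrecy."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def decode_password(encoded: str) -> str:
    """Anyone can undo an encoding, so an encoded password is effectively plaintext."""
    return base64.b64decode(encoded).decode("utf-8")


def hash_password(password: str, salt: bytes = None, iterations: int = DEMO_ITERATIONS) -> str:
    """Hashing (PBKDF2-HMAC-SHA256 with a random 16-byte salt): one-way and slow.

    Returns a self-describing string so the salt and iteration count travel with the hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations, then compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def compare_techniques(password: str) -> dict:
    """Show the properties that matter for storing credentials."""
    enc = encode_password(password)
    h1 = hash_password(password)
    h2 = hash_password(password)
    return {
        "encoding_reversible": decode_password(enc) == password,   # why encoding is not protection
        "hash_verifies": verify_password(password, h1),
        "wrong_password_rejected": not verify_password(password + "x", h1),
        "salted_hashes_differ": h1 != h2,   # same password, different salt, different hash
    }


if __name__ == "__main__":
    for name, value in compare_techniques(SAMPLE_PASSWORD).items():
        print(f"{name}: {value}")
```

Storing the iteration count and salt alongside the digest lets the verification routine work unchanged when the cost parameter is raised later, and the constant-time comparison avoids leaking how many leading bytes of a candidate hash matched.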