Looking for an OAuth and OpenID Connect explanation with HTTP examples?

October 03

Here are some fairly easy-to-understand explanations of the hard-to-understand OAuth and OpenID Connect standards, and they come with HTTP call examples. I found them in a playlist on the YouTube channel named Oracle Learning.

  1. OAuth Introduction and Terminology
  2. An Introduction To OpenID Connect
  3. OpenID Connect Flows

Some Lessons Learned:

Flows are the interactions between the participants in the OAuth standard or the OpenID Connect standard.

Grant Types are ways for a client application to acquire an access token.

Each grant type has its own flow to acquire an access token, and these flows involve the interaction of public or confidential clients.

OAuth defines two types of clients: Confidential Client and Public Client.

There are two distinct ways in which the clients communicate with the authorization server: via the Front Channel and via the Back Channel.
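To make the last two points concrete, here is an added example (not taken from the post or the videos) that builds the two HTTP messages of the authorization code grant: the front-channel authorization request and the back-channel token request, for a confidential and a public client. It goes slightly beyond the post by using PKCE (RFC 7636) for the public client; the endpoints and client names are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import quote_plus, urlencode

# Hypothetical endpoints (assumptions for this example, not from the post).
AUTHZ_ENDPOINT = "https://as.example.com/authorize"
TOKEN_ENDPOINT = "https://as.example.com/token"
REDIRECT_URI = "https://app.example.com/callback"

def pkce_challenge(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) with '=' padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def front_channel_request(client_id, state, code_verifier=None):
    """Authorization request: a URL the user's browser is redirected to.
    The browser sees every parameter, so no secret may appear here."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": REDIRECT_URI, "scope": "openid profile", "state": state}
    if code_verifier:  # only the hash of the verifier travels on the front channel
        params["code_challenge"] = pkce_challenge(code_verifier)
        params["code_challenge_method"] = "S256"
    return AUTHZ_ENDPOINT + "?" + urlencode(params)

def back_channel_request(client_id, code, client_secret=None, code_verifier=None):
    """Token request: a direct HTTPS POST to the token endpoint. Returns (headers, body)."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI}
    if client_secret is not None:
        # Confidential client: authenticates with HTTP Basic (RFC 6749 section 2.3.1).
        creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(creds).decode()
    elif code_verifier is None:
        raise ValueError("public client must send a PKCE code_verifier (this example's policy)")
    else:
        # Public client: cannot keep a secret, so it only identifies itself.
        form["client_id"] = client_id
    if code_verifier:
        form["code_verifier"] = code_verifier
    return headers, urlencode(form)

if __name__ == "__main__":
    verifier = secrets.token_urlsafe(32)  # 43 characters from the PKCE alphabet
    print("GET", front_channel_request("spa-client", secrets.token_urlsafe(16), verifier))
    headers, body = back_channel_request("spa-client", "SAMPLE_CODE", code_verifier=verifier)
    print("POST", TOKEN_ENDPOINT, headers, body)
```

The client secret and the PKCE verifier only ever appear in the back-channel POST; the front-channel URL carries nothing an observer of the browser could reuse to redeem the code.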


Other useful resources:

An Illustrated Guide to OAuth and OpenID Connect by David Neal from Okta

OpenID Connect explained from Connect2id

Easy to understand resources on HTTPS:

How HTTPS works

How Does HTTPS Work - HTTPS Explained

public-key cryptography for non-geeks by Vrypan

What happens during a TLS handshake? from Cloudflare