Using OAuth 2.0 for Authentication

OAuth 2.0 is a delegation protocol and NOT an authentication protocol. OAuth Authentication is old, insecure technology and should not be used. 

Ref: The problem with OAuth for Authentication by John Bradley.
http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html

We recommend using OpenID Connect for authentication. In this protocol, you can ask the authorization server to issue an ID token instead of, or in addition to, an access token. The ID token contains a unique user identifier and can be verified with its embedded signature.

