Using OAuth 2.0 for User Authentication

OAuth 2.0 is a framework for access delegation and NOT a user authentication protocol. You should not use so-called "OAuth Authentication," that is old and insecure practice. 

Ref: The problem with OAuth for Authentication by John Bradley.

We recommend using OpenID Connect for user authentication. In this protocol, relying parties (RP) can request identity providers (IdP) to issue an ID token instead or in addition to an access token. The ID token contains a unique user identifier so that RPs can identify the user with the value.

How did we do with this article?