OAuth 2.0 is a framework for access delegation and NOT a user authentication protocol. You should not use so-called “OAuth Authentication,” which is an old and insecure practice.
Ref: The problem with OAuth for Authentication by John Bradley.
http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html
We recommend using OpenID Connect for user authentication. In this protocol, relying parties (RPs) can request that identity providers (IdPs) issue an ID token instead of or in addition to an access token. The ID token contains a unique user identifier, which RPs use to identify the user.