CS Colloquium | October 13, 2021

Deep Dive into Authentication and Authorization using OAuth and OpenID Connect

Catherine Meyer ('19)
.NET Software Engineer, Radiant Logic

Stevenson Hall 1300
12:00 PM - 12:50 PM

Authentication (AuthN) is ensuring that a user is who he or she claims to be. Authorization (AuthZ) is ensuring that a properly authenticated user accesses only those resources he or she is allowed to access. But how do businesses ensure that users are being properly authenticated? Identity Providers (IdPs) are services that businesses rely on to securely store and manage users' digital data.

These IdPs are responsible for implementing the proper mechanisms for authenticating and verifying users. But what procedures do these IdPs follow to ensure such measures? There are several protocols and frameworks used by IdPs, such as SAML, OAuth (and subsequently OIDC), Kerberos, and WS-Fed. Today, however, more services are relying on OAuth and OIDC to securely and correctly authenticate users. In this talk, Catherine will discuss how an IdP works, introduce the most common types of authentication protocols, and provide an in-depth explanation of OAuth and OIDC.