Why does One account not provide OAuth or OpenID Connect?
This is an important topic and the answer is not immediately obvious. To answer the question, we first need at least a simple definition of OAuth and OpenID Connect.
Let's try to focus on each separately:
OAuth is a mechanism for delegating authorization to another server.
For example, let's say you want a photo editing application to get access to your Google Drive, so that you can select and edit images from your Google Drive in the application without needing to download them and upload them manually to the photo editing application. With OAuth, you authorize the photo editing application to access your photos on Google Drive.
One account does not give third-party applications, such as the photo editing application, this kind of access, or any other access, to your One account profile. When you use One account, you share the requested information only once (and you are always aware of what information is shared); applications cannot have continual access to your One account profile.
OK, that's clear, but one may wonder: why not use OpenID Connect to get access to the user's profile? Let's define OpenID Connect first:
OpenID Connect is a layer on top of the OAuth protocol for authenticating users.
A good example of OpenID Connect is the Facebook login button, which simply gives an application access to the user's Facebook profile, which is stored on Facebook's servers.
As part of its unmatched security and privacy practices, One account does not store users' profiles on its servers, and for this reason we do not provide OpenID Connect.