by sarnowski 1778 days ago
Correct, it’s officially a framework and not a protocol. It’s a framework to build a specific protocol which then is using the same patterns as other OAuth2 based protocols but not necessarily compatible. For example, URL endpoints are not defined in a strict sense and the provider can also add arbitrary parameters to calls as long as the basic OAuth2 parameters are present as well. OpenID Connect 1.0 builds on that to make the framework more strict.

RFC6749 The OAuth 2.0 Authorization _Framework_