Authentication
We found it best to introduce the topic of authentication with the existing explanation of how it relates to OAuth:
Authentication in the context of a user accessing an application tells an application who the current user is and whether or not they’re present. A full authentication protocol will probably also tell you a number of attributes about this user, such as a unique identifier, an email address, and what to call them when the application says "Good Morning". Authentication is all about the user and their presence with the application, and an internet-scale authentication protocol needs to be able to do this across network and security boundaries.
However, OAuth tells the application none of that. OAuth says absolutely nothing about the user, nor does it say how the user proved their presence or even if they’re still there. As far as an OAuth client is concerned, it asked for a token, got a token, and eventually used that token to access some API. It doesn’t know anything about who authorized the application or if there was even a user there at all. […]
https://oauth.net/articles/authentication/ - 04.08.2023
See our deep dive on OAuth2 for the details of how the protocol is designed in the standard.
For user login to applications, the authentication domain is largely covered by the OpenID Connect standard. It allows identity providers to be integrated so that their identities can be linked to user accounts, and it standardizes the login flows. Its key addition over plain OAuth 2.0 is the ID token: a signed assertion from the identity provider about who authenticated, which the client must validate before trusting any claim in it.
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
https://openid.net/specs/openid-connect-core-1_0.html - 04.08.2023
See the official OpenID Connect page for more information about how it should work, and our deep dive on OpenID Connect endpoints.
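The verification step that the OpenID Connect quote above refers to ("verify the identity of the End-User based on the authentication performed by an Authorization Server"), as an added example that is not part of the original page or of any provider's code: a Relying Party checks an ID token's algorithm, signature, issuer, audience, expiry and nonce before trusting the `sub` claim. Nothing comparable exists for a bare OAuth 2.0 access token, which is why the oauth.net quote says the client learns nothing about the user from it. The example uses HS256 with a shared client secret and only the Python standard library so that it runs offline; the issuer, client ID, secret and claim values are constructed for the demo, and a real provider normally signs with RS256 or ES256 using keys published at its jwks_uri.

```python
"""Verify an OpenID Connect ID token the way a Relying Party must.

Added example, not code from the original page. HS256 and the standard
library only, so it runs offline; ISSUER, CLIENT_ID and CLIENT_SECRET are
constructed demo values, not those of any real provider.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://op.example.com"          # assumed demo issuer
CLIENT_ID = "demo-client"                  # assumed demo client_id
CLIENT_SECRET = b"a-shared-secret-known-to-op-and-rp"  # assumed demo secret


class IdTokenError(Exception):
    """Raised when an ID token fails any validation step."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def mint_id_token(claims: dict, secret: bytes = CLIENT_SECRET) -> str:
    """Stand-in for the OpenID Provider: produce an HS256-signed ID token."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signature = _sign(f"{header}.{payload}".encode("ascii"), secret)
    return f"{header}.{payload}.{_b64url_encode(signature)}"


def verify_id_token(token: str, nonce: str, now=None,
                    secret: bytes = CLIENT_SECRET) -> dict:
    """Relying Party side: return the claims only if every check passes.

    The algorithm is pinned (never taken from the header) and the signature
    is checked before any claim is read, so a forged or "alg: none" token
    cannot influence the later checks.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise IdTokenError("token must have three segments")
    header_b64, payload_b64, sig_b64 = parts

    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise IdTokenError(f"unexpected alg {header.get('alg')!r}")

    expected = _sign(f"{header_b64}.{payload_b64}".encode("ascii"), secret)
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise IdTokenError("signature mismatch")

    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise IdTokenError("issuer mismatch")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in audiences:
        raise IdTokenError("token not intended for this client")
    if len(audiences) > 1 and claims.get("azp") != CLIENT_ID:
        raise IdTokenError("multiple audiences but azp is not this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise IdTokenError("token expired or has no exp")
    if claims.get("nonce") != nonce:
        raise IdTokenError("nonce mismatch (possible replay)")
    if "sub" not in claims:
        raise IdTokenError("no subject identifier")
    return claims


def demo() -> str:
    """Mint a token for the constructed user 'alice', verify it, return sub."""
    now = 1_700_000_000
    token = mint_id_token({
        "iss": ISSUER, "sub": "alice", "aud": CLIENT_ID,
        "iat": now, "exp": now + 300, "nonce": "n-0S6_WzA2Mj",
    })
    return verify_id_token(token, nonce="n-0S6_WzA2Mj", now=now)["sub"]


if __name__ == "__main__":
    print(demo())
```

The nonce is the value the client generated and stored in the session when it built the authentication request; checking it binds the ID token to that request and stops a captured token from being replayed into another session. The `azp` rule follows the spec's guidance for tokens carrying more than one audience.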