LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the relationship between OAuth 2.0 and OpenID Connect (OIDC), and what does each one actually do?

OAuth 2.0 is an authorization protocol ("what may this app do?"); OIDC is a thin authentication layer ("who is this user?") built on top of it.

They're often spoken of together, but they answer different questions:

OAuth 2.0 OpenID Connect (OIDC)
Question Authorization — delegated access to resources/APIs Authentication — proving identity
Core artifact Access Token (call an API on the user's behalf) ID Token (a JWT describing who logged in)
Layer base protocol sits on top of OAuth 2.0

OAuth alone says "this app may read your calendar" but never cleanly says "you are Alice." OIDC adds that identity layer, which is why "Log in with Google/Apple" buttons rely on OIDC, not bare OAuth.

Tip: Memory hook — OAuth = Authorization (access), OIDC = ID (identity). The shared "auth" prefix is exactly what trips people up.

Go deeper:

From Quiz: INTROL / Web Authentication: Cookies, OAuth 2.0 / OIDC & WebAuthn | Updated: Jul 14, 2026