If you’re building modern web or mobile apps, chances are you’ve come across terms like SSO, OAuth, and OpenID Connect (OIDC). While they often appear together, they serve different purposes. Here’s a quick breakdown:
TL;DR
OAuth was not created to be a single-sign-on protocol, it has been extended to be used as one through things like OpenID Connect.
| Concept | Purpose | Deals With | Example |
|---|---|---|---|
| SSO | One login for multiple apps | Authentication | Gmail + YouTube login |
| OAuth | Accessing APIs | Authorization | Access Google Drive |
| OpenID Connect | Verify user identity | Authentication | ”Login with Google” button |
✅ SSO (Single Sign-On)
What it does:
Lets users log in once and access multiple apps without re-entering their credentials.
Use case:
Login to Google once → access Gmail, Drive, YouTube.
Powered by:
Protocols like SAML, OIDC, or Kerberos.
Purpose:
Simplifies authentication.
🔄 OAuth
What it does:
Allows apps to access a user’s data without needing their password.
Use case:
A Photo editor app using your Google Drive.
Powered by:
OAuth 2.0 protocol.
Purpose:
Secure authorization (not authentication).
🔍 OpenID Connect (OIDC)
What it does:
Adds authentication on top of OAuth 2.0 — it confirms the user’s identity and provides their profile information.
Use case:
Logging in to a third-party app with your Google account. Fetching user identity information like email, profile photo etc.
Powered by:
OAuth 2.0 + ID token (a JWT containing user info).
Purpose:
Handles who the user is, not just what data they can access.
🧪 Real-World Example
-
Login with Google in your photo editing app:
➤ This is Social Login using OAuth + OpenID Connect. -
Saving files to the user’s Google Drive from your app:
➤ This is OAuth-based Authorization to access Google Drive APIs.