White Paper

SAML vs OAuth 2.0 vs OpenID Connect

Understanding the differences between the three most common authorisation protocols

The world of Identity and Access Management is ruled by two things – acronyms and standards. In our popular blog post on SAML vs OAuth we compared the two most common authorisation protocols – SAML2 and OAuth 2.0. This white paper extends that comparison with the inclusion of a third protocol, OpenID Connect. We also touch on the now obsolete OpenID 2.0 protocol.

In this white paper, you will learn:

  • A version history and background to the three most common authorisation protocols – SAML, OAuth & OpenID Connect
  • Comparisons of the protocols
  • Protocol suitability for certain business needs and best use cases, including customer SSO, b2b SSO, enterprise federation, API authorisation, UMA, Customer IAM & mobile identity

Essential reading for anyone considering the best way to implement Single Sign-On and identity federation.

NEW for Developers!

After reading the white paper, check out the new Developers Area for building and testing OAuth 2.0.