Why and how are social logins using OAuth2.0?

0 votes
Recently asked by user: (120 points)

I studied the OAuth2.0 workflow with a server-side web application. I understand what is going on with the authorization code and with access tokens.

While studying, I encountered a sentence saying that OAuth2.0 is not an authentication framework but rather an authorization framework, and I fully understand it. It was also pointed out that authentication can be built on top of OAuth2.0 with http://openid.net/connect/.

However, browsing, for example, the Facebook and Google libraries for social logins, I've got the impression that they are actually proposing this false workflow where, after correct authorization, once the client application has an AccessToken, we can consider the user logged in to the client application.

Can anyone comment on this?
