I studied the workflow with OAuth2.0 and a server-side web application. I understand what is going on, with the authorization code and with access tokens.
While studying, I encountered a sentence saying that OAuth2.0 is not an authentication framework, but rather an authorization framework, and I fully understand it. It was also pointed out that authentication can be built on top of OAuth2.0 with http://openid.net/connect/.
However, browsing, for example, the Facebook and Google libraries for social logins, I've got the impression that they are actually proposing this false workflow where, after correct authorization, and where the client application has an AccessToken, we can consider the user logged in to the client application.
Can anyone comment on this?