OpenID Connect and OAuth

OpenID Connect and OAuth are two related standards. The first, OpenID Connect, is an identity layer built on top of the second, OAuth, which is an authorization protocol. OpenID Connect allows clients to verify the identity of the End-User based on the authentication performed by an Authorization Server. It also allows clients to obtain basic profile information about the End-User in an interoperable and REST-like manner.

OpenID Connect

OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management.

OAuth

OAuth is an open standard for access delegation. It lets Internet users grant websites or applications access to their information held on other websites, without giving those sites or applications their passwords. Google, Facebook, and Microsoft use this mechanism to let users share information about their accounts with third-party applications or websites.

OAuth provides clients with "secure delegated access" to server resources on behalf of a resource owner. It specifies a process by which resource owners can authorize third-party access to their server resources without sharing their credentials. It runs over the Hypertext Transfer Protocol (HTTP). In essence, OAuth allows an authorization server to issue access tokens to third-party clients with the approval of the resource owner. The third party then presents the access token to access the protected resources hosted by the resource server.
In particular, OAuth defines specific authorization flows for web applications, desktop applications, mobile phones, and smart devices.

In conclusion, an application that authenticates users is only verifying who the user is, whereas an application that authorizes users is trying to access or modify something that belongs to the user. CCS uses both OpenID Connect and OAuth for user authorization in the 'Lab Results Patient Portal'. You can find more information about the portal here.