Authentication MOC

Map of Content for authentication, identity, and federated login. The notes below are atomic — each covers one concept. Follow the wikilinks.

Foundations

  • OAuth 2.0 — the authorization framework everything else builds on
  • OpenID Connect — identity layer on top of OAuth 2.0
  • ID Token — the JWT that proves who the user is

Flows

Provider Implementations

Cross-cutting

Open Threads

  • OAuth 2.1 consolidation — what changes
  • Refresh token rotation strategies
  • Native app flows (custom URL schemes, ASWebAuthenticationSession)
  • SAML vs OIDC trade-offs
  • Device authorization grant (RFC 8628)