Authentication and Authorization Protocols - HTML

Authentication and authorization protocols are standards for securely verifying user identities and managing access rights between systems. OAuth 2.0 enables delegated, limited access for third-party applications, OpenID Connect functions as an authentication layer built on OAuth 2.0, and SAML is an XML-based standard for enterprise single sign-on. These protocols form the foundation for secure identity federation in modern web applications and enterprise systems.

authentication, authorization, OAuth, OpenID Connect, SAML, security, SSO, identity management
<table>
<thead><tr><th>code</th><th>slug</th><th>name</th><th>description</th><th>category</th><th>dataFormat</th><th>rfcNumber</th><th>standardBody</th><th>tokenFormat</th><th>basedOn</th></tr></thead>
<tbody><tr><td>oauth-2-0</td><td>oauth-2-0</td><td>OAuth 2.0</td><td>An authorization framework that grants third-party applications delegated, limited access.</td><td>Authorization Protocol</td><td>JSON</td><td>RFC 6749</td><td>IETF</td><td>Bearer Token</td><td></td></tr>
<tr><td>openid-connect</td><td>openid-connect</td><td>OpenID Connect 1.0</td><td>A simple identity layer built on top of the OAuth 2.0 protocol.</td><td>Authentication Protocol</td><td>JSON (JWT)</td><td></td><td>OpenID Foundation</td><td>ID Token (JWT)</td><td>OAuth 2.0</td></tr>
<tr><td>saml-2-0</td><td>saml-2-0</td><td>SAML 2.0</td><td>An XML-based standard for exchanging authentication and authorization data between security domains.</td><td>Authentication and Authorization Protocol</td><td>XML</td><td></td><td>OASIS</td><td>SAML Assertion</td><td></td></tr>
<tr><td>oauth-pkce</td><td>oauth-pkce</td><td>OAuth 2.0 with PKCE</td><td>An OAuth 2.0 extension that prevents authorization code interception attacks for public clients.</td><td>Authorization Protocol Extension</td><td>JSON</td><td>RFC 7636</td><td>IETF</td><td>Bearer Token</td><td></td></tr>
<tr><td>oauth-device-flow</td><td>oauth-device-flow</td><td>OAuth 2.0 Device Authorization Grant</td><td>An OAuth 2.0 flow for browserless devices or devices with limited input capabilities.</td><td>Authorization Protocol Extension</td><td>JSON</td><td>RFC 8628</td><td>IETF</td><td>Bearer Token</td><td></td></tr>
<tr><td>jwt</td><td>jwt</td><td>JSON Web Token (JWT)</td><td>A compact, URL-safe means of representing claims to be transferred between two parties.</td><td>Token Format</td><td>JSON</td><td>RFC 7519</td><td>IETF</td><td>JWT</td><td></td></tr>
<tr><td>ldap</td><td>ldap</td><td>LDAP</td><td>A standard protocol for accessing and maintaining distributed directory information services over IP networks.</td><td>Directory Protocol</td><td>BER/DER</td><td>RFC 4510</td><td>IETF</td><td></td><td></td></tr>
<tr><td>kerberos</td><td>kerberos</td><td>Kerberos</td><td>A network authentication protocol using secret-key cryptography.</td><td>Network Authentication Protocol</td><td>Binary</td><td>RFC 4120</td><td>IETF</td><td></td><td></td></tr>
<tr><td>cas</td><td>cas</td><td>CAS (Central Authentication Service)</td><td>An enterprise single sign-on protocol for web applications.</td><td>Single Sign-On Protocol</td><td>XML/JSON</td><td></td><td>Apereo Foundation</td><td></td><td></td></tr>
<tr><td>ws-fed</td><td>ws-fed</td><td>WS-Federation</td><td>A protocol specification for enabling federation across web services.</td><td>Federation Protocol</td><td>XML</td><td></td><td>OASIS</td><td></td><td></td></tr></tbody>
</table>