Authentication and Authorization Protocols
Authentication and authorization protocols are standards for securely verifying user identities and managing access rights between systems. OAuth 2.0 enables delegated limited access for third-party applications, OpenID Connect functions as an authentication layer built on OAuth 2.0, and SAML is an XML-based standard for enterprise single sign-on. These protocols form the foundation for secure identity federation in modern web applications and enterprise systems.
Tags: authentication, authorization, OAuth, OpenID Connect, SAML, security, SSO, identity management
| code | slug | name | description | category | dataFormat | rfcNumber | standardBody | tokenFormat | basedOn |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| oauth-2-0 | oauth-2-0 | OAuth 2.0 | An authorization framework that gives third-party applications delegated, limited access. | Authorization Protocol | JSON | RFC 6749 | IETF | Bearer Token | |
| openid-connect | openid-connect | OpenID Connect 1.0 | A simple identity layer built on top of the OAuth 2.0 protocol. | Authentication Protocol | JSON (JWT) | | OpenID Foundation | ID Token (JWT) | OAuth 2.0 |
| saml-2-0 | saml-2-0 | SAML 2.0 | An XML-based standard for exchanging authentication and authorization data between security domains. | Authentication and Authorization Protocol | XML | | OASIS | SAML Assertion | |
| oauth-pkce | oauth-pkce | OAuth 2.0 with PKCE | An OAuth 2.0 extension that prevents authorization code interception attacks for public clients. | Authorization Protocol Extension | JSON | RFC 7636 | IETF | Bearer Token | |
| oauth-device-flow | oauth-device-flow | OAuth 2.0 Device Authorization Grant | An OAuth 2.0 flow for browserless devices or devices with limited input capability. | Authorization Protocol Extension | JSON | RFC 8628 | IETF | Bearer Token | |
| jwt | jwt | JSON Web Token (JWT) | A compact, URL-safe means of representing claims to be transferred between two parties. | Token Format | JSON | RFC 7519 | IETF | JWT | |
| ldap | ldap | LDAP | A standard protocol for accessing and maintaining distributed directory information services over IP networks. | Directory Protocol | BER/DER | RFC 4510 | IETF | | |
| kerberos | kerberos | Kerberos | A network authentication protocol using secret-key cryptography. | Network Authentication Protocol | Binary | RFC 4120 | IETF | | |
| cas | cas | CAS (Central Authentication Service) | An enterprise single sign-on protocol for web applications. | Single Sign-On Protocol | XML/JSON | | Apereo Foundation | | |
| ws-fed | ws-fed | WS-Federation | A protocol specification for enabling federation across web services. | Federation Protocol | XML | | OASIS | | |