{"id":16766,"date":"2024-04-26T05:00:48","date_gmt":"2024-04-26T12:00:48","guid":{"rendered":"https:\/\/softwareengineeringdaily.com\/?p=16766"},"modified":"2024-09-17T07:11:29","modified_gmt":"2024-09-17T14:11:29","slug":"making-oauth-and-oidc-accessible-to-developers","status":"publish","type":"post","link":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/","title":{"rendered":"Making OAuth and OIDC Accessible to Developers"},"content":{"rendered":"<p><b>Simplifying Application Development Security\u00a0<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Security is an integral and often challenging component in application development. Developers focus on the functionality of the frontend and backend, but they may be unaware of potential security design flaws in their implementations and APIs. OAuth and OpenID Connect (OIDC) provide a standardized security framework for protecting applications.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Authlete is a service solution that streamlines development of security components. Software Engineering Daily\u2019s Gregor Vand recently spoke with the Principal Architect at <\/span><a href=\"https:\/\/www.authlete.com\/\"><span style=\"font-weight: 400;\">Authlete<\/span><\/a><span style=\"font-weight: 400;\">, Justin Richer,\u00a0 to discuss common authorization, identity, and security challenges, and the solution landscape. You can find their full conversation <\/span><a href=\"https:\/\/softwareengineeringdaily.com\/2024\/04\/11\/authlete-and-making-oauth-accessible-with-justin-richer\/\"><span style=\"font-weight: 400;\">here<\/span><\/a><span style=\"font-weight: 400;\">.<br \/>\n<\/span><\/p>\n<p style=\"text-align: justify;\"><b>The Gap Between Developers and Security Professionals<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Developers\u2019 interest, and often their time, is focused on adding functionality to applications. The security of these systems can sometimes seem obtuse, since security is a specialty that many are not totally familiar or comfortable with. As a consequence, design problems often emerge as applications are built.\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">\u201cSometimes, the security team shows up and says, you can&#8217;t connect everything together because that&#8217;s not secure,\u201d explained <\/span><a href=\"https:\/\/www.authlete.com\/\"><span style=\"font-weight: 400;\">Authlete<\/span><\/a><span style=\"font-weight: 400;\">\u2019s Justin Richer. Security professionals often start with the desire to lock the system down and protect confidential information. Consequently, security gets in the way of the application developer, who wants to provide functionality to connect data, people, and processes. The functionality and security viewpoints may possibly clash because their goals are different.\u00a0<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<p style=\"text-align: justify;\"><b>Security Systems Have to be Collaborative<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">As a result, a fresh outlook and approach are needed. As Gregor noted, \u201cthe juxtaposition of collaboration and security does not initially sound like they can coexist, but they have to.\u201d\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Humans use the security solutions, and often how people interface with these products is not in the way that vendors designed or even considered. So, enterprises must create security checks that keep information secure but do not prevent people from completing their work, and this is often a difficult balancing act.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><b>What are OAuth and OpenID Connect?<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Two key building blocks of modern application security are OAuth, from the IETF, and OpenID Connect, from the OpenID Foundation. Each of these standards plays a key role in ensuring security, but the specifications can be challenging for developers to work with.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">While often thought of as an authorization protocol, OAuth is fundamentally a delegation protocol. \u201cOAuth excels whenever you have multiple systems and need to provide an abstract security layer,\u201d noted Authlete\u2019s Justin Richer. In applying a delegation protocol, a user possesses a set of system rights that perform certain tasks, such as the ability to access a record or update certain metadata. Users delegate specific subsets of their rights to applications that perform them on their behalf. How does OAuth accomplish this? OAuth creates an artifact called an access token that encompasses not only the end user\u2019s rights but also the identity of the delegated software.<\/span><\/p>\n<p>Here are the steps in the delegation process:<\/p>\n<figure style=\"width: 749px\" class=\"wp-caption alignnone\"><img fetchpriority=\"high\" decoding=\"async\" class=\"\" src=\"https:\/\/i0.wp.com\/miro.medium.com\/v2\/resize:fit:1358\/1*f4XdtDR7sw-Qq8pRV2GGbA.png?resize=749%2C485&#038;ssl=1\" alt=\"The OAuth delegation process, including the resource owner (or user), client software, authorization server, and protected resource (the API or service being accessed).\" width=\"749\" height=\"485\" data-recalc-dims=\"1\" \/><figcaption class=\"wp-caption-text\">The OAuth delegation process. Image from OAuth 2 In Action by Justin Richer and Antonio Sanso. Manning Publications 2017. Used with permission.<\/figcaption><\/figure>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">A user, known as the Resource Owner (RO) in OAuth terminology, has access to an API, known as the Protected Resource hosted on the Resource Server (RS). The RO wants a piece of software, known as the Client, to act on their behalf at the RS. The RO can authenticate to the system to prove who they are and that they have access, but we don\u2019t want the RO to give those credentials to the Client. OAuth provides an Authorization Server (AS) to facilitate the RO giving the client delegated access, through the use of an access token. The access token represents the combination of all the parties in the OAuth protocol and the access being given, and it can be used by the Client to call the RS.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The OAuth standard simplifies typical API integration work by allowing the Client and RS to never deal with the user\u2019s credentials, and it allows the user to be very deliberate about what kinds of access they want to give the Client application.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The second component, OpenID Connect, works with OAuth. OAuth enables users to securely delegate certain rights to pieces of software, but OAuth does not tell the software who the user is. OpenID Connect works by allowing the user to delegate their own identity information to the client software from the AS, which becomes an Identity Provider (IdP) in OIDC. The IdP provides information about who the user is alongside the access token from OAuth. \u201cLet\u2019s say an app needs all of the extended profile information, such as address, email, and other personal data. A developer writes an API call to do that. That API call is protected by an OAuth access token and it&#8217;s the same OAuth access token that I got when I made the call that said who is the user. That access token could also be used for many other functions: getting their calendar information, looking at their bank account history, checking their health record, or any other type of transaction. All these features are possible, but developers need to create them in order to use them.\u201d\u00a0<\/span><\/p>\n<p><b>A Hosted Security Solution\u00a0<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">When building out a protected system, developers need to have dedicated components like the AS to provide key security functionalities. Building an OAuth AS and an OIDC IdP is a formidable task, but many deployments need a level of flexibility and power that only building can provide. But how could you go about building such an important security component?<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Authlete is a unique product because it\u2019s a hosted service that provides OAuth and OpenID Connect support functions. What is different from other services is that <\/span><a href=\"https:\/\/www.authlete.com\/\"><span style=\"font-weight: 400;\">Authlete<\/span><\/a><span style=\"font-weight: 400;\">\u00a0does not host the entire platform that handles user authentication, accounts, or attributes. Instead, it supplies support for the OAuth and OpenID Connect protocol pieces where and when they are needed.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">\u201cAuthlete really shines in the space where developers want to build out something custom and have it run in their environment and programming language,\u201d explained Authlete\u2019s Richer. A developer needs to build an IdP or AS. A request comes in to the developer\u2019s implementation, say a token endpoint request or an authorization endpoint request. The software then calls the Authlete service, which examines the request: Is this request formed correctly? Is everything formatted properly? Which extensions are valid? What should the response be?<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Authlete provides developers with an SDK that features an OAuth library they can call and use as needed, but instead of being a static library, \u201cthe solution is backed by a live service,\u201d said Authlete\u2019s Richer. Authlete stores the protocol state, which allows it to manage data over time.\u00a0 It handles tokens, keys, and other information so the application developer doesn\u2019t need to account for these directly. Authlete also provides libraries to ease integration, \u201cour libraries turn around and they call the right endpoint with a properly formatted REST request. The API itself is really straightforward.\u201d Some of Authlete\u2019s largest customers have been able to take advantage of this by integrating directly with the API without needing to use an SDK, which wasn\u2019t available in their preferred development platform.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">In essence, the developer builds their own authorization server. They provide the application rights and privileges and the OAuth and OpenID parts. Therefore, they concentrate on shipping the features of their application or service. The Authlete service provides only the security layers that matter to their applications.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">As a result, instead of taking an off-the-shelf software project and building their own security system on top of it, developers have a world-class system on which they build out their own customized functionality. Nor do developers need to give over all control to a fully hosted service. With the Authlete product, customers retain the control and flexibility that a custom solution provides but don&#8217;t have to become experts in the details of the interoperability layer that OAuth and OpenID provide.<\/span><\/p>\n<p><b>Prioritizing Security and Data Control<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The solution has found adoption in multiple industries, with particular use in the banking industry. \u201cIn the financial sector, Authlete gives enterprises the ability to hold all of the sensitive information close to themselves,\u201d explained Richer. \u201cWe don&#8217;t store user accounts. We don&#8217;t store names and passwords and addresses and account numbers and all of that other stuff. Instead, they tell us, I need an access token for the following subject identifier with the following rights and we deliver it.\u201d Privacy-driven regulations and demand for privacy protections from consumers is changing how companies architect and deploy their systems, especially with regard to hosted services. Letting go of personal data to a cloud service is not a choice to be taken lightly, especially in highly regulated verticals. Authlete\u2019s semi-hosted service architecture allows its customers to retain control over sensitive financial data and provide service that is hosted and controlled by the customer\u2019s systems, while at the same time providing a state-of-the-art implementation of security protocols to protect these systems.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Security is an important but difficult aspect of modern systems, and deploying security protocols like OAuth and OIDC brings its own benefits and challenges. At the end of the day, developers want to provide the best functionality for their users, and Authlete provides a compelling and unique approach to securing that functionality.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Check out <a href=\"https:\/\/events.authlete.com\/sed\">https:\/\/events.authlete.com\/sed<\/a> to try out Authlete for an extended 90-day free trial.\u00a0<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Full Disclosure: Authlete is a sponsor of Software Engineering Daily<\/span><\/i><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Simplifying Application Development Security\u00a0 Security is an integral and often challenging component in application development. Developers focus on the functionality of the frontend and backend, but they may be unaware of potential security design flaws in their implementations and APIs. OAuth and OpenID Connect (OIDC) provide a standardized security framework for protecting applications. Authlete is<\/p>\n","protected":false},"author":94,"featured_media":16767,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1083],"tags":[6141,6175],"class_list":["post-16766","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-oauth","tag-oidc"],"jetpack_publicize_connections":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Making OAuth and OIDC Accessible to Developers - Software Engineering Daily<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Making OAuth and OIDC Accessible to Developers - Software Engineering Daily\" \/>\n<meta property=\"og:description\" content=\"Simplifying Application Development Security\u00a0 Security is an integral and often challenging component in application development. Developers focus on the functionality of the frontend and backend, but they may be unaware of potential security design flaws in their implementations and APIs. OAuth and OpenID Connect (OIDC) provide a standardized security framework for protecting applications. Authlete is\" \/>\n<meta property=\"og:url\" content=\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/\" \/>\n<meta property=\"og:site_name\" content=\"Software Engineering Daily\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-26T12:00:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-17T14:11:29+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"315\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"SEDaily\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@software_daily\" \/>\n<meta name=\"twitter:site\" content=\"@software_daily\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"SEDaily\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/\"},\"author\":{\"name\":\"SEDaily\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/f1a6631864960c74ef79dae73df8984c\"},\"headline\":\"Making OAuth and OIDC Accessible to Developers\",\"datePublished\":\"2024-04-26T12:00:48+00:00\",\"dateModified\":\"2024-09-17T14:11:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/\"},\"wordCount\":1594,\"publisher\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png?fit=600%2C315&ssl=1\",\"keywords\":[\"OAuth\",\"OIDC\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/\",\"url\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/\",\"name\":\"Making OAuth and OIDC Accessible to Developers - Software Engineering Daily\",\"isPartOf\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png?fit=600%2C315&ssl=1\",\"datePublished\":\"2024-04-26T12:00:48+00:00\",\"dateModified\":\"2024-09-17T14:11:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#primaryimage\",\"url\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png?fit=600%2C315&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png?fit=600%2C315&ssl=1\",\"width\":600,\"height\":315},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/softwareengineeringdaily.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Making OAuth and OIDC Accessible to Developers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#website\",\"url\":\"https:\/\/softwareengineeringdaily.com\/\",\"name\":\"Software Engineering Daily\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/softwareengineeringdaily.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#organization\",\"name\":\"Software Engineering Daily\",\"url\":\"https:\/\/softwareengineeringdaily.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/01\/cropped-sed_website_banner.png?fit=549%2C169&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/01\/cropped-sed_website_banner.png?fit=549%2C169&ssl=1\",\"width\":549,\"height\":169,\"caption\":\"Software Engineering Daily\"},\"image\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/software_daily\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/f1a6631864960c74ef79dae73df8984c\",\"name\":\"SEDaily\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/96a9ce2f21db7050dc801bc0505cb90b?s=96&d=retro&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/96a9ce2f21db7050dc801bc0505cb90b?s=96&d=retro&r=pg\",\"caption\":\"SEDaily\"},\"url\":\"https:\/\/softwareengineeringdaily.com\/author\/sed-production\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Making OAuth and OIDC Accessible to Developers - Software Engineering Daily","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/","og_locale":"en_US","og_type":"article","og_title":"Making OAuth and OIDC Accessible to Developers - Software Engineering Daily","og_description":"Simplifying Application Development Security\u00a0 Security is an integral and often challenging component in application development. Developers focus on the functionality of the frontend and backend, but they may be unaware of potential security design flaws in their implementations and APIs. OAuth and OpenID Connect (OIDC) provide a standardized security framework for protecting applications. Authlete is","og_url":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/","og_site_name":"Software Engineering Daily","article_published_time":"2024-04-26T12:00:48+00:00","article_modified_time":"2024-09-17T14:11:29+00:00","og_image":[{"width":600,"height":315,"url":"http:\/\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png","type":"image\/png"}],"author":"SEDaily","twitter_card":"summary_large_image","twitter_creator":"@software_daily","twitter_site":"@software_daily","twitter_misc":{"Written by":"SEDaily","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#article","isPartOf":{"@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/"},"author":{"name":"SEDaily","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/f1a6631864960c74ef79dae73df8984c"},"headline":"Making OAuth and OIDC Accessible to Developers","datePublished":"2024-04-26T12:00:48+00:00","dateModified":"2024-09-17T14:11:29+00:00","mainEntityOfPage":{"@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/"},"wordCount":1594,"publisher":{"@id":"https:\/\/softwareengineeringdaily.com\/#organization"},"image":{"@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png?fit=600%2C315&ssl=1","keywords":["OAuth","OIDC"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/","url":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/","name":"Making OAuth and OIDC Accessible to Developers - Software Engineering Daily","isPartOf":{"@id":"https:\/\/softwareengineeringdaily.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#primaryimage"},"image":{"@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png?fit=600%2C315&ssl=1","datePublished":"2024-04-26T12:00:48+00:00","dateModified":"2024-09-17T14:11:29+00:00","breadcrumb":{"@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#primaryimage","url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png?fit=600%2C315&ssl=1","contentUrl":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png?fit=600%2C315&ssl=1","width":600,"height":315},{"@type":"BreadcrumbList","@id":"https:\/\/softwareengineeringdaily.com\/2024\/04\/26\/making-oauth-and-oidc-accessible-to-developers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/softwareengineeringdaily.com\/"},{"@type":"ListItem","position":2,"name":"Making OAuth and OIDC Accessible to Developers"}]},{"@type":"WebSite","@id":"https:\/\/softwareengineeringdaily.com\/#website","url":"https:\/\/softwareengineeringdaily.com\/","name":"Software Engineering Daily","description":"","publisher":{"@id":"https:\/\/softwareengineeringdaily.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/softwareengineeringdaily.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/softwareengineeringdaily.com\/#organization","name":"Software Engineering Daily","url":"https:\/\/softwareengineeringdaily.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/01\/cropped-sed_website_banner.png?fit=549%2C169&ssl=1","contentUrl":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/01\/cropped-sed_website_banner.png?fit=549%2C169&ssl=1","width":549,"height":169,"caption":"Software Engineering Daily"},"image":{"@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/software_daily"]},{"@type":"Person","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/f1a6631864960c74ef79dae73df8984c","name":"SEDaily","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/96a9ce2f21db7050dc801bc0505cb90b?s=96&d=retro&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/96a9ce2f21db7050dc801bc0505cb90b?s=96&d=retro&r=pg","caption":"SEDaily"},"url":"https:\/\/softwareengineeringdaily.com\/author\/sed-production\/"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/04\/1-Making-OAuth-and-OIDC-Accessible-to-Developers.png?fit=600%2C315&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p7GuoD-4mq","_links":{"self":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/posts\/16766"}],"collection":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/comments?post=16766"}],"version-history":[{"count":0,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/posts\/16766\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/media\/16767"}],"wp:attachment":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/media?parent=16766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/categories?post=16766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/tags?post=16766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}