SAML vs OAuth vs OIDC vs SSO

Security Assertion Markup Language

OAuth

OIDC OpenID Connect (OIDC) builds on OAuth 2.0

Imagine you’re going to Airport to travel. When you arrive, the staff will check two things before letting you in: your ID and your ticket.

First, they’ll look at some form of government-issued identification (license/Passport) to ensure you are who you claim to be.
This is similar to how SAML works – it verifies your identity.

Next, they’ll check your ticket, which tells the type of access you have within the Plane. Your ticket might allow access to the Economy or business.
This is like OAuth, as it controls what actions or resources you’re authorized to use.

SSO is a user authentication method that allows a user to access multiple applications with one set of credentials. SAML is one of several protocols (others include OAuth and OpenID Connect) that can be used for SSO

SAMLOAuth
PurposeSecure data exchange for authentication and authorization in web-based applications.Delegated authorization for third-party access to user data without exposing credentials.
Data FormatXML-based assertionsJSON Web Tokens (e.g., access tokens, refresh tokens)
Primary Use CasesSSO and federated identity managementAPI authorization and delegated access to user data
ApplicationsMainly used in web-based applications and SSO scenarios.Primarily used to secure APIs and enable third-party app integrations. Also useful for mobile applications.

Leave a comment