Correct. OAuth is for delegated authorization. OpenID Connect for authentication.
> OAuth is for delegated authorization.
Have you ever seen OAuth used alone? I'm looking for examples of this and they seem to be few and far between.
There are LOTS of them. Anything that allows you to link your Google/Facebook/etc. account to another system, so that system can perform actions on your Google/Facebook/etc. account on your behalf.
Examples: Slack (e.g., notify you of events on your calendar, create a GMeets meeting), services like cal.com, WhatsApp (store backups on your Google Drive).
It's rare in my experience. We don't support OIDC, so technically it's standalone OAuth. In reality there's of course a user identity in the mix used to authorize the resulting access tokens.
Even server-to-server calls, i.e., daemons, service principals, what have you, still rely on a client identity.
I think the closest to true agentless access I've seen widely used are SAS for Azure Storage and of course deploy keys in GitHub, which we're building off ramps for. Agentless authz just is not a good idea.
What do you mean? What is an example of it not being used alone?
Canva's API uses OAuth2 but not OIDC.