Comment by alasr

8 months ago

>> Didn't OpenID predate OAuth? What should OpenID have built upon?

Yes, you're right about the "OpenID predate OAuth" part.

However, from my point-of-view, it seems the main source of confusion here is due to the fact that the word OpenID is used in more than one sense:

- First, OpenID used as part of the original OpenID authentication protocol developed around 2005, which communicates the idea of a decentralized online digital identity where one way a user can assert their online digital identity is via a URL under their control.

- Second, OpenID used as part of the compound noun in "OpenID Connect" (which as per Wikipedia is "third generation of OpenID technology", published in 2014[1]), which implements the user identity and their authentication via authentication workflows built on top of the OAuth2 spec.

Now, in my earlier comment, i.e. "OIDC, unlike OpenID, ... built on top of existing OAuth spec ... to achieve its main objective ...", I was using OIDC (with "OpenID") in the second sense in comparison to the original OpenID authentication protocol where OpenID is used in the first sense (with both senses mentioned above).

I hope it helps.

---

As an aside, looking at all the comments about "OpenId" and "OpenID Connect" as nouns, I'm reminded of the following post: Two Hard Things[2]

---

[1] - https://en.wikipedia.org/wiki/Openid#OpenID_Connect_(OIDC)

[2] - https://martinfowler.com/bliki/TwoHardThings.html