Explain OAuth2 vs OIDC.
OAuth2 vs OIDC: OAuth2 is an authorization framework that lets an app access a user’s data on another service without sharing the user’s credentials, while OIDC (OpenID Connect) is an identity layer built on top of OAuth2 that adds user authentication.
When to Use
Use OAuth2 when an app needs delegated access to resources (e.g., a calendar app reading events). Use OIDC when you need login and identity verification (e.g., “Sign in with Google”).
Example
A to-do app accessing Google Drive uses OAuth2. The same app letting you log in with Google uses OIDC for identity confirmation.
Want to go deeper?
Explore Grokking System Design Fundamentals, Grokking the System Design Interview, Grokking Database Fundamentals for Tech Interviews, or practice with Mock Interviews with ex-FAANG engineers.
Why Is It Important
OAuth2 provides secure delegated access. OIDC ensures who the user is. Using them properly prevents both security gaps and user experience issues.
Interview Tips
Highlight the difference: OAuth2 = authorization, OIDC = authentication. Mention the ID token in OIDC to show depth.
Trade-offs
OAuth2 is simpler but doesn’t verify identity. OIDC requires extra setup but supports SSO and safer logins.
Pitfalls
Don’t confuse OAuth2 tokens as proof of identity. Without OIDC, you risk insecure logins and impersonation.
GET YOUR FREE
Coding Questions Catalog
$197
$78
$78
