<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Oauth on Commentary of Takao</title><link>https://takao.blog/ko/tags/oauth/</link><description>Recent content in Oauth on Commentary of Takao</description><generator>Hugo -- gohugo.io</generator><language>ko</language><copyright>Commentary of Takao</copyright><lastBuildDate>Sun, 12 Jul 2026 04:12:51 +0900</lastBuildDate><atom:link href="https://takao.blog/ko/tags/oauth/index.xml" rel="self" type="application/rss+xml"/><item><title>OAuth 2.0 and OpenID Connect: Modern Authentication Guide</title><link>https://takao.blog/ko/web/oauth-oidc/</link><pubDate>Mon, 29 Jan 2024 00:00:00 +0900</pubDate><guid>https://takao.blog/ko/web/oauth-oidc/</guid><description>&lt;img src="https://takao.blog/img/thumbnail/oauth-oidc-ko.png" alt="Featured image of post OAuth 2.0 and OpenID Connect: Modern Authentication Guide" /&gt;&lt;p&gt;OAuth 2.0 and OpenID Connect form the backbone of modern web 인증 and authorization. Despite their ubiquity, these protocols are frequently misunderstood and misconfigured, leading to preventable security vulnerabilities. This 가이드 covers the core concepts, implementation patterns, and security best practices you need to integrate 인증 securely in your applications.&lt;/p&gt;
&lt;h2 id="oauth-20-fundamentals"&gt;OAuth 2.0 Fundamentals
&lt;/h2&gt;&lt;p&gt;OAuth 2.0 is an authorization framework, not an 인증 protocol. This distinction is critical: OAuth defines how a client application can obtain delegated access to protected resources, but it does not specify how to verify the user&amp;rsquo;s identity. That is where OpenID Connect comes in.&lt;/p&gt;</description></item></channel></rss>