<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Oauth on Commentary of Takao</title><link>https://takao.blog/zh-tw/tags/oauth/</link><description>Recent content in Oauth on Commentary of Takao</description><generator>Hugo -- gohugo.io</generator><language>zh-TW</language><copyright>Commentary of Takao</copyright><lastBuildDate>Wed, 15 Jul 2026 18:22:35 +0900</lastBuildDate><atom:link href="https://takao.blog/zh-tw/tags/oauth/index.xml" rel="self" type="application/rss+xml"/><item><title>OAuth 2.0 and OpenID Connect: Modern 道地ation 指南</title><link>https://takao.blog/zh-tw/web/oauth-oidc/</link><pubDate>Mon, 29 Jan 2024 00:00:00 +0900</pubDate><guid>https://takao.blog/zh-tw/web/oauth-oidc/</guid><description>&lt;img src="https://takao.blog/img/thumbnail/oauth-oidc-zh-tw.png" alt="Featured image of post OAuth 2.0 and OpenID Connect: Modern 道地ation 指南" /&gt;&lt;p&gt;OAuth 2.0 and OpenID Connect form the backbone of modern web authentication and authorization. Despite their ubiquity, these protocols are frequently misunderstood and misconfigured, leading to preventable security vulnerabilities. This guide covers the core concepts, implementation patterns, and security best practices you need to integrate authentication securely in your applications.&lt;/p&gt;
&lt;h2 id="oauth-20-fundamentals"&gt;OAuth 2.0 Fundamentals
&lt;/h2&gt;&lt;p&gt;OAuth 2.0 is an authorization framework, not an authentication protocol. This distinction is critical: OAuth defines how a client application can obtain delegated access to protected resources, but it does not specify how to verify the user&amp;rsquo;s identity. That is where OpenID Connect comes in.&lt;/p&gt;</description></item></channel></rss>