OAuth and OIDC

OAuth and OIDC are two critical, related protocols for managing secure access in modern applications. OAuth 2.0 is an **authorization** framework that enables a third-party application to obtain limited, delegated access to a user's resources on another service without sharing the user's password; for instance, allowing a photo-printing service to access your Google Photos. It accomplishes this by issuing access tokens. OpenID Connect (OIDC) is a simple identity layer built on top of OAuth 2.0 that provides **authentication**. It allows an application to verify a user's identity based on authentication performed by a trusted provider (like "Sign in with Google"), returning an ID token that contains user profile information. In short, OAuth is about what a user can *do* (permissions), while OIDC is about who a user *is* (identity).

1. Introduction to Secure Delegated Access
   1. The Problem of Password Sharing
      1. Risks of Sharing Credentials
         1. Security Vulnerabilities
         2. Credential Compromise
         3. Unauthorized Access
      2. Limitations in Access Control
         1. All-or-Nothing Access
         2. Inability to Revoke Specific Permissions
         3. Lack of Granular Control
      3. Auditability and Accountability Issues
         1. Difficulty Tracking Actions
         2. Attribution Problems
         3. Compliance Challenges
   2. Authentication vs Authorization
      1. Authentication Fundamentals
         1. Definition and Purpose
         2. Identity Verification Process
         3. Authentication Factors
            1. Something You Know
            2. Something You Have
            3. Something You Are
         4. Common Authentication Methods
            1. Password-Based Authentication
            2. Multi-Factor Authentication
            3. Biometric Authentication
            4. Certificate-Based Authentication
      2. Authorization Fundamentals
         1. Definition and Purpose
         2. Permission Granting Process
         3. Access Control Models
            1. Discretionary Access Control
            2. Mandatory Access Control
            3. Role-Based Access Control
            4. Attribute-Based Access Control
   3. Evolution of Access Control
      1. Traditional Access Control Limitations
      2. Need for Delegated Authorization
      3. Third-Party Integration Challenges
   4. Role of OAuth and OIDC in Modern Applications
      1. Enabling Secure API Access
      2. Supporting Third-Party Integrations
      3. Enhancing User Experience
      4. Reducing Attack Surface
      5. Federation and Single Sign-On