satya

Fri Feb 16 2024

difference between oauth/v2/authorize & openid/connect/authorize
I am taking the example in the context of Slack.
1. OAuth 2.0 (/oauth/v2/authorize):
   - Usage: When a third-party application needs to access a user's resources in Slack, it uses the /oauth/v2/authorize endpoint.
   - Process: The user is prompted to grant the application permission to access their resources. Upon consent, Slack returns an authorization code to the application. This code is then exchanged for an access token, which the application uses to access the user's resources on Slack.
   - Focus: Purely on granting access to resources (authorization).
2. OpenID Connect (/openid/connect/authorize):
   - Usage: When an application not only needs to access resources but also needs to verify the identity of the Slack user, it uses the /openid/connect/authorize endpoint.
   - Process: Similar to OAuth 2.0, but in addition to granting access, this process authenticates the user and returns an ID token along with an authorization code. The ID token contains claims about the user's identity, which the application can use to verify who the user is.
   - Focus: On both verifying user identity (authentication) and granting access to resources (authorization).