Protocols
In the past, sharing personal information with third parties was relatively simple but posed a significant security risk. You would often share your username and password, which granted full access to your account and personal information. This created a vulnerability known as "Account Takeover", in which the third party could act maliciously without your knowledge or consent.
To address this issue, an agreed-upon standard was established to enable access to specific functionalities without compromising the entire account. OAuth 2.0 is now one of the most widely adopted authorization protocols for granting third-party websites access to certain approved information on a user's behalf.
In addition to OAuth 2.0, another widely used protocol is OpenID Connect (OIDC), which provides a layer of authentication on top of OAuth 2.0. OIDC allows users to authenticate their identity with a third-party service (such as sgID) using a range of different authentication mechanisms (such as username/password, social login, or biometric authentication), while also enabling the sharing of specific data with authorized third parties.
Together, OAuth 2.0 and OIDC provide a secure and efficient way to manage authentication and authorization in modern applications. By allowing users to share specific information with third parties while maintaining control over their accounts and data, these protocols enable greater security and privacy for users.
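The following is an added example, not code from sgID or its SDK: it builds an OIDC authorization-code request that names only the scopes the application needs, in place of the user handing over a password, and rejects a callback that is not tied to the login that started it. The endpoint, client ID, redirect URI and the `profile.name` scope are placeholder assumptions; `state`, `nonce` and PKCE are standard OAuth 2.0 / OIDC request parameters.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholder values (not a real provider's endpoints or client).
AUTHORIZE_ENDPOINT = "https://idp.example/oauth/authorize"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://app.example/callback"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def start_login(scopes):
    """Build the authorization URL and the per-login secrets to keep server-side."""
    if "openid" not in scopes:
        raise ValueError("OIDC requests must include the 'openid' scope")
    session = {
        "state": _b64url(secrets.token_bytes(32)),          # ties the callback to this session
        "nonce": _b64url(secrets.token_bytes(32)),          # ties the ID token to this request
        "code_verifier": _b64url(secrets.token_bytes(32)),  # PKCE secret, sent only at token exchange
    }
    challenge = _b64url(hashlib.sha256(session["code_verifier"].encode("ascii")).digest())
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),  # only what the app needs; no credentials are sent
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", session


def handle_callback(callback_url, session):
    """Return the authorization code only if the callback belongs to this login."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(f"authorization failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise PermissionError("state mismatch: callback not tied to this login")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code
```

The `nonce` and `code_verifier` stay in the server-side session: the first is compared with the `nonce` claim of the ID token, the second is sent with the code at the token endpoint.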