Question 1

What’s the difference between OAuth and OpenID Connect (OIDC)?

Accepted Answer

OAuth 2.0 is for authorization—granting an app permission to access an API (like reading your calendar). OpenID Connect (OIDC) is an identity layer on top of OAuth 2.0 that adds standardized login and identity information (who the user is) via an ID token. In practice: use OAuth to access APIs; use OIDC when you also need user sign-in and identity claims.

Question 2

When should I use OAuth?

Accepted Answer

Use OAuth when an application needs delegated access to an API on behalf of a user or service, without sharing passwords. Common cases include: “Sign in with X” (usually OAuth + OIDC), mobile apps calling your backend APIs, third-party integrations needing limited access (scopes), and machine-to-machine API access using client credentials. If you only need to authenticate users to your own app without third-party delegation, you might use a traditional session login or OIDC without broad API scopes.

Question 3

How much does OAuth cost?

Accepted Answer

OAuth itself is a free open standard—there’s no licensing fee to use the protocol. Costs come from the identity platform you choose and your architecture: managed IdP pricing (often per monthly active user, per authentication, or per feature like MFA), infrastructure costs if you self-host an authorization server, and operational costs (security reviews, monitoring, incident response). Many providers have free tiers, but production usage can scale with users, token issuance volume, and advanced security requirements.

OAuth

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms