12 Single sign-on using OAuth2 and OpenID Connect
Suppose that over the years, Acme Inc. has experienced phenomenal growth, expanding both its business and customer base. As the company flourished, so did its number of employees and the demand for its services. Both employees and customers rely on various applications provided by the enterprise to interact with the company.
For employees, managing multiple sets of credentials for different applications throughout the workday is inconvenient and inefficient. Likewise, customers prefer the convenience of using their existing social media login credentials when accessing Acme Inc.’s online store.
Simple applications may manage user credentials independently. But as systems expand and become more complex, strategies for handling authentication and authorization must evolve accordingly. In this chapter, we explore how large-scale systems implement authentication and authorization effectively.
Figure 12.1 shows Jeanny, an Acme employee. Throughout her workday, she uses several applications to manage documents, transactions, work hours, and more. She finds it inefficient to log in to each app separately and would prefer a single set of credentials so she won’t have to remember multiple usernames and passwords.
Figure 12.1 Jeanny uses multiple apps as part of her daily work routine, requiring her to authenticate to each one individually every day.