i am currently looking at authentication for website, i have already implemented JWT with http only cookie for authentication, but is Oauth better?
and while signing up does Oauth provide credential to application such as email and password to store in our database which later user can use to sign in rather than signing in with google or any other each time
first of all you need to understand differences between authentication and authorization…
Authentication
is the process of verifying the identity of a user by obtaining some sort of credentials for example his username password combination, and using those credentials to verify the user’s identity.
Authorization
is the process of allowing an authenticated user to access his resources by checking whether the user has access rights to the system. You can control access rights by granting or denying specific permissions to an authenticated user. So, If the authentication was successful, the authorization process starts. Authentication process always proceeds to Authorization process.
now
JWT is a great technology for API authentication and server-to-server authorization.
OAuth is not an API or a service: it’s an open standard for authorization and anyone can implement it. it’s a standard to securely access stuff with randomized tokens.
So, OAuth as it name suggests is simply a standard for Authorization.