SAML vs OpenID vs OAuth


Similarities

SAML, OpenID Connect, and OAuth 2.0 are all identity federation standards.

SAML and OpenID Connect are both standards-based frameworks for authenticating users and enabling Single Sign-On across applications and services.

Differences

Purpose

The primary difference between SAML, OAuth, and OpenID Connect is that OAuth is a framework that controls authorization to protected resources such as applications or groups of files. OAuth 2.0 is a standard for resource authorization, not authentication.

OpenID Connect and SAML, on the other hand, are industry standards for federated authentication.

Interactions

You can use SAML or OpenID Connect independently to authenticate users and support single sign-on.

OAuth 2.0 can be used at the same time as SAML or OpenID Connect.

Dependence

OpenID Connect is built on the OAuth 2.0 protocol. It adds an ID token, a JSON Web Token (JWT), and standardizes the areas OAuth 2.0 leaves to implementers, including endpoint discovery and scopes. It focuses solely on user authentication, and is mostly used to let users log in to consumer websites and mobile applications.

SAML runs independently of OAuth 2.0, and instead of a JSON Web Token it authenticates users by exchanging XML messages. As such, it is more commonly used to give users within an organization a single login for multiple applications. It is an umbrella standard that addresses federation, single sign-on, and identity management.

Use cases

SAML is mostly used in enterprise applications. It is supported by cloud business solutions like Salesforce, Box, Workday, Microsoft 365, and Google Workspace.

OpenID Connect is mostly used in consumer applications like Facebook, YouTube, and PayPal.

Reference

https://planergy.com/blog/saml-vs-OAuth-vs-openid/