Why use a standardized auth protocol?

Software applications regularly need to gain access to data from other services on behalf of their users. An application may need to grab a list of a user’s contacts from a third-party service, such as their Google contacts. Or it might need to access a user’s calendar so the application can create calendar entries for the user. Larger organizations often require employees to have passwordless access to all the applications and services needed to do their jobs.

This blog post is an excerpt from The Value of Standards-Compliant Authentication.

How can you make sure your systems are giving proper access to other systems and verify access requests from other applications? Are there easy and trusted ways to build these integrations?

In this article, you’ll learn why it’s important to use a standards-compliant authentication protocol when integrating systems.

Security

Standardized auth protocols are like open-source software: You can trust open-source code when other experts have examined how it works and have publicly vetted it. Likewise, standardized auth protocols have been publicly vetted by experts and are openly trusted. Because of this, many organizations will trust your solutions only if you are using standardized protocols such as OAuth and SAML.

When you use a standardized protocol, you have the peace of mind that comes with knowing your authentication system is following in the footsteps of industry experts and best practices.

Transferable learning

This would lead to a scenario where you couldn’t leverage your hard-won knowledge between projects and employers. If you instead use a ubiquitous protocol like OAuth, there may be subtle differences, but you’ll understand the general authentication architecture. If you know how standardized protocols work and what use cases they solve, you can bring that knowledge to other projects and companies.

The same applies when teaching and onboarding new engineers to your team. If you are using a standardized auth protocol, then your new team members are likely to already know about OAuth, SAML, or other standardized protocols. It will be much easier to get these new team members up and running and contributing to the relevant areas of your system.

Supporting libraries

On the other hand, most modern programming languages have code libraries that integrate with standard auth protocols, thereby accelerating your development work. By using a standardized auth protocol such as OAuth or SAML, your clients and API consumers can reuse common code libraries for their programming language of choice.

Interoperability with other systems

The same applies to external systems. If you have created an API that supports SAML, for example, then your customers will understand how to integrate their solutions and systems with yours much more quickly, and with far fewer headaches.

Edge cases

By leveraging a standard, you will gain the benefits of all that knowledge and experience.

To learn about the details of particular authentication and authorization standards, read The Value of Standards-Compliant Authentication.

Originally published at https://fusionauth.io.
