OpenAPI (previously known as Swagger) is the open specification for building APIs (now part of the Linux Foundation).
There was an OAuth 1, which is very different from OAuth2, and more complex, as it included direct specifications on how to encrypt the communication.
OAuth2 is a specification that defines several ways to handle authentication and authorization.
It includes ways to authenticate using a "third party". That's what all the systems with "login with Facebook, Google, Twitter, GitHub" use underneath.
OAuth2 doesn't specify how to encrypt the communication, it expects you to have your application served with HTTPS.
OpenID Connect is another specification, based on OAuth2.
It just extends OAuth2 specifying some things that are relatively ambiguous in OAuth2
For example, Google login uses OpenID Connect (which underneath uses OAuth2).
But Facebook login doesn't support OpenID Connect. It has its own flavor of OAuth2.
OpenAPI has a way to define multiple security "schemes".
apiKey: an application specific key that can come from: A query parameter. A header. A cookie.
openIdConnect: has a way to define how to discover OAuth2 authentication data automatically. This automatic discovery is what is defined in the OpenID Connect specification.
oauth2: all the OAuth2 ways to handle security (called "flows"). Several of these flows are appropriate for building an OAuth 2.0 authentication provider (like Google, Facebook, Twitter, GitHub, etc): implicit clientCredentials authorizationCode
But there is one specific "flow" that can be perfectly used for handling authentication in the same application directly: password
http: standard HTTP authentication systems, including: bearer: a header Authorization with a value of Bearer plus a token. This is inherited from OAuth2. HTTP Basic authentication
Glasp is a social web highlighter that people can highlight and organize quotes and thoughts from the web, and access other like-minded people’s learning.