OAuth focuses on authorization, while OpenID focuses on authentication. On the face of it, these two English words are easy to confuse, but in fact their meanings are fundamentally different:
Authorization: n. authorization, recognition, approval, appointment.
Authentication: n. proving or identifying; confirmation.
OAuth is concerned with authorization, that is, "what the user can do"; OpenID is concerned with proving "who the user is".
If OAuth and OpenID are confused with each other, the consequences are serious. Take a domestic website application as an example: its function is to let Sina Weibo and Douban users comment under their own identities, as shown in the figure (OAuth wrongly used as OpenID):
This kind of application is an identity-proof problem and should have been solved with OpenID. Using OAuth instead introduces a security risk: imagine that the user only wanted to post a comment on the site, yet gave the site free rein to manipulate their own private data! It is like a courier delivering a parcel: to prove you are the recipient, you only need to show him your ID card, but instead you hand him the key to your front door! Oh, my god!
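To make the distinction concrete, here is an added example (not code from the original article) with a toy provider in Python: an OAuth access token is a capability that says what its holder may do, while an identity assertion is a signed statement of who the user is, addressed to one relying party, and grants no access to data. The scope names, the signing key and the HMAC-signed assertion format are constructed for illustration; the real OpenID protocol uses a different mechanism.

```python
import base64, hashlib, hmac, json

# Constructed toy provider ("the social network") used by a third-party comment
# site. Names, scopes and the signing key are made up for this example.
PROVIDER_KEY = b"constructed-provider-signing-key"

# OAuth side: an access token is a capability. It says what the holder MAY DO.
ACCESS_TOKENS = {}   # token -> {"sub": user, "scope": set(...)}

def issue_access_token(user, scopes):
    token = hashlib.sha256(f"{user}:{sorted(scopes)}".encode()).hexdigest()[:16]
    ACCESS_TOKENS[token] = {"sub": user, "scope": set(scopes)}
    return token

def call_api(token, action):
    """Resource server: allow the action only if the token carries its scope."""
    grant = ACCESS_TOKENS.get(token)
    if grant is None or action not in grant["scope"]:
        raise PermissionError(f"token lacks scope {action!r}")
    return f"{action} performed as {grant['sub']}"

# OpenID side: an identity assertion is a signed statement of WHO the user is,
# bound to one relying party (audience). It is not a key to the user's data.
def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_identity_assertion(user, audience):
    payload = json.dumps({"sub": user, "aud": audience}, sort_keys=True).encode()
    sig = hmac.new(PROVIDER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def verify_identity(assertion, audience):
    """Relying party: return the user id, or None if signature or audience is wrong."""
    try:
        p64, s64 = assertion.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except ValueError:          # malformed assertion (binascii.Error is a ValueError)
        return None
    expected = hmac.new(PROVIDER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    return claims["sub"] if claims.get("aud") == audience else None
```

The misuse in the article corresponds to the comment site holding an access token whose scope includes far more than posting a comment; the identity assertion lets the site learn the user's id and nothing else, and is rejected outright by the data API.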
The difference between the OAuth protocol and the OpenID protocol