Identity standards, explained
The protocols that hold identity together, in plain language: what each one is, how it works, where it stands, and the pitfalls to avoid. For the at-a-glance status table, see the research tracker.
OAuth 2.0 is the delegated authorization framework that lets an app obtain scoped access to resources on a user's behalf. It is about access, not identity.
OAuth 2.1 is a consolidation of OAuth 2.0 plus a decade of security best practice into a single, safer-by-default specification.
OpenID Connect is the identity layer on top of OAuth 2.0. It is what you use to log a user in and learn who they are.
SAML 2.0 is the XML-based standard behind enterprise single sign-on. It is older than OIDC but remains the lingua franca of enterprise federation.
WebAuthn and FIDO2 are the standards behind passkeys and security keys: public-key authentication that is resistant to phishing by design.
FAPI is a hardened OAuth and OIDC security profile for high-risk APIs such as open banking, where a standard OAuth setup is not strong enough.
SCIM is the standard for automatically provisioning and deprovisioning user accounts across applications. It is how identity data moves between systems.
Verifiable Credentials are tamper-evident digital credentials a user holds in a wallet and presents without contacting the issuer. They underpin decentralized identity and the EU wallet.