Zywave Auth uses OpenId Connect, an extension of OAuth 2.0, to provide authentication and authorization functionality for apps and APIs.

Additional API-driven features such as licenses, permissions, and profiles are available for more granular authorization control.


Authorization (AuthZ) is the process of securely granting permission. Zywave utilizes OAuth 2.0 as the primary means of authorization.

OAuth 2.0 is a standard protocol that defines grant types to enable clients to request access to resources from the authorization server on behalf of resource owners.

To break this down, we need to define a few terms:

Authorization Server


Grant type


Resource Owner

Putting it all together in easier terms:

OAuth 2.0 is a standard protocol that defines flows to enable apps to request access to APIs from the IdP on behalf of users.


Authentication (AuthN) is the process of proving the identity of a subject. Zywave uses OpenId Connect (OIDC) as the primary means of authentication.

OpenId Connect is an identity layer on top of OAuth 2.0 that enables clients to verify the identities of end-users.