Which statement about OpenID Connect's role in relation to OAuth is accurate?

• A. OpenID Connect adds authentication with identity tokens on top of OAuth.
• B. It replaces OAuth's authorization with a password-based scheme.
• C. OpenID Connect is unrelated to OAuth.
• D. OpenID Connect provides data encryption keys for OAuth.

Answer: (A)

OpenID Connect adds authentication on top of OAuth by providing an identity token that conveys who the user is, alongside the access tokens OAuth already uses for authorization. OAuth 2.0 focuses on granting access to resources (authorization) but doesn’t define how to prove the user’s identity. OpenID Connect builds on OAuth 2.0’s flows and introduces an ID token (typically a JWT) that carries claims about the user, such as a unique subject identifier and issuer, allowing the client to verify the user's identity directly. This combination lets a client both prove who the user is and obtain access to resources as needed, instead of replacing OAuth’s authorization or relying on password-based schemes.