# Identity & Access Management

## Authentication vs Authorization

- Authentication (AuthN): Who are you?
- Authorization (AuthZ): What can you do?

## OAuth 2.0 Flows

### Authorization Code (Web Apps)

### PKCE (Mobile/SPA)

Like Authorization Code, but with a code verifier/challenge instead of a client secret.

### Client Credentials (Machine-to-Machine)

## OpenID Connect (OIDC)

OAuth 2.0 + identity layer. Key additions:

- ID Token (JWT with user info)
- UserInfo endpoint
- Standard claims (sub, email, name)

## JWT Structure

## Role-Based Access Control (RBAC)

## Best Practices

### Passwords

- Minimum 12 characters
- Hash with Argon2id or…
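The PKCE verifier/challenge mechanism above, as an added example that is not part of the original notes: the client side generates the `code_verifier` and its S256 `code_challenge`, and the server side (token endpoint) recomputes the challenge from the verifier presented with the authorization code and compares it to the one stored at authorization time. Function names are my own; the constants follow RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets

# "Unreserved" characters permitted in a code_verifier (RFC 7636, section 4.1).
UNRESERVED = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"


def b64url_no_pad(data: bytes) -> str:
    """Base64url-encode without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(length: int = 64) -> str:
    """Client side: high-entropy random string of 43..128 unreserved characters,
    kept only in the client's memory until the token request."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be 43..128 characters")
    return "".join(secrets.choice(UNRESERVED) for _ in range(length))


def make_code_challenge(verifier: str) -> str:
    """Client side: S256 challenge = BASE64URL(SHA256(verifier)); this value,
    not the verifier, travels in the /authorize request."""
    return b64url_no_pad(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, presented_verifier: str, method: str = "S256") -> bool:
    """Server side: bind the token request to the original authorization request.
    Rejects the weaker 'plain' method, malformed verifiers, and any mismatch."""
    if method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if any(c not in UNRESERVED for c in presented_verifier):
        return False
    expected = make_code_challenge(presented_verifier)
    # Constant-time comparison so the check leaks nothing about the stored value.
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    verifier = make_code_verifier()            # client keeps this secret
    challenge = make_code_challenge(verifier)  # client sends this to /authorize
    # Later, at /token, the server recomputes and compares:
    print("PKCE binding holds:", verify_pkce(challenge, verifier))
```

An intercepted authorization code is useless without the verifier, which is why PKCE lets public clients (mobile apps, SPAs) skip the client secret safely.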