Which interoperable authentication protocol is based on the OAuth 2 specification?

OpenID Connect is built on top of the OAuth 2.0 framework, making it an interoperable authentication protocol that extends the capabilities of OAuth 2.0. While OAuth 2.0 primarily focuses on authorization, OpenID Connect adds an identity layer, allowing clients to verify the identity of the end user based on the authentication performed by an authorization server. This capability is crucial for applications requiring user authentication in addition to authorization.

OpenID Connect does this by using standard scopes and response types which provide mechanisms for obtaining user profile information. The protocol enables a seamless integration of authentication in web and mobile applications, enhancing the user experience by allowing single sign-on (SSO) capabilities across multiple services.

The other protocols mentioned, while related to authentication and authorization, do not directly build upon the OAuth 2.0 specification in the same way. OAuth 1.0, for instance, predates OAuth 2.0 and employs different mechanisms for authentication and authorization. Similarly, WS-Federation is a different federation protocol used primarily in enterprise environments and does not integrate the same way OAuth 2.0 does. OpenID is an earlier authentication protocol that does not leverage OAuth 2.0, missing the modern capabilities and user experience