ChurchTools supports both the LDAP protocol and OAuth. You can use both methods to sign up to third-party systems such as Nextcloud with your ChurchTools login details. But what exactly is the difference and which method should you use?
LDAP (Lightweight Directory Access Protocol) #
LDAP is a standard protocol that is used to retrieve and authenticate information about users in a directory service. It was primarily developed for local networks and is a robust but rather classic method of authentication.
Advantages of LDAP:
- Widely used and supported by many systems.
- Especially useful if you have local services or systems that do not support modern authentication methods.
Disadvantages of LDAP:
- LDAP does not use token-based security by default
- Can be more complex to configure, especially if SSL/TLS is used to secure the communication.
OAuth (Open Authorization) #
OAuth is a modern, token-based protocol that has been specially developed for web and cloud applications. It allows users to securely and easily sign up to third-party systems with their ChurchTools Login details without sharing their passwords. A third-party system can also be used to log in to a ChurchTools system. This can also be another ChurchTools system.
Advantages of OAuth:
- Security: By using tokens, your password is never transmitted directly to the third-party system.
- Simplicity: Many modern systems such as Nextcloud or Home Assistant support OAuth and offer simple integration.
- Flexibility: OAuth is specially designed for secure access to cloud and web services.
Disadvantages of OAuth:
- Only works if the third-party system supports OAuth.