Author: Dan Moore
Word count: 1551
Language: English
Hacker News points: None

Summary

OAuth and OpenID Connect (OIDC) are frameworks for authorization and identity verification, respectively. Both rely on an authorization server authenticating the user before it issues tokens, but neither specifies how that authentication must be performed. This deliberate lack of specificity lets the frameworks keep pace with evolving authentication technologies and practices, such as multi-factor authentication or newer methods like WebAuthn and FaceID, without being tied to any single technique. The separation of concerns lets OAuth and OIDC focus on the process of obtaining authorization and identity tokens, leaving the choice of authentication method to the authorization server. This approach not only future-proofs the specifications but also allows context-specific enhancements to authentication, such as additional security measures or delegation to an external identity store, without affecting the applications that depend on the tokens. The same flexibility extends to other identity-related topics, such as user provisioning, which are likewise out of scope, so the frameworks can adapt to a range of identity management needs over time.