What is the practical difference between OAuth 2.0 and OpenID Connect?

Study for the User Account Management Test. Enhance your skills with flashcards and multiple choice questions, each with hints and explanations. Be prepared for success!

Multiple Choice

What is the practical difference between OAuth 2.0 and OpenID Connect?

Explanation:
The practical difference is that OAuth 2.0 handles authorization to resources, while OpenID Connect adds authentication on top to verify who the user is and enable single sign-on. OAuth 2.0 lets a client obtain an access token so it can call APIs on behalf of a user, but it doesn’t define or guarantee the user’s identity. OpenID Connect builds on OAuth 2.0 by returning an ID token—typically a JWT—that proves the user’s identity and carries basic identity claims (like a user identifier, name, and email). It also provides ways to fetch more profile info if needed through a UserInfo endpoint. Because of this, you use OAuth 2.0 when you need delegated access to resources, and you use OpenID Connect when you also need to authenticate the user and enable SSO. OpenID Connect is not a replacement for OAuth 2.0; it’s built on top of it to add authentication.

