I am baffled while understanding OAuth 2.0, OpenID connect and other mechanisms for securing API's. I did online search, but results are varying with contradicting info.
==> Authentication server.
==> Authorization server.
==> Identity provider (IDP).
==> Identity server.
==> Identity manager
who stores userid / password, is it stored in Identity provider, if so, is there any open source identity provider "server" which we can install on local laptop?
who does issue ID token once a user is authenticated, same about access token, who issue access token.
I see some video tutorials, but no one tells which part of the system actually does these tasks. Can anyone help understand?