What authentication technology complements OAuth for identity verification using a RESTful API?

Sample the CISSP Domain 5 Identity and Access Management Test.

OpenID Connect is designed specifically to work in conjunction with OAuth 2.0, providing an additional layer of identity verification on top of OAuth's authorization framework. While OAuth is primarily focused on the delegation of access permissions, OpenID Connect adds user authentication by allowing clients to verify the identity of the end user based on the authentication performed by an authorization server.

By utilizing OpenID Connect, developers can obtain user information from identity providers in a standardized way, enhancing the overall security and usability of applications that rely on APIs. This protocol takes advantage of OAuth 2.0's framework and extends its functionality, making it suitable for applications that need not only authorization but also the ability to confirm the identity of the user initiating requests.

In contrast, while JWT (JSON Web Token) serves as a method for representing claims securely between two parties, it doesn’t provide the full authentication capabilities that OpenID Connect offers. Similarly, SAML (Security Assertion Markup Language) is primarily used for web-based single sign-on (SSO) and is not designed to complement OAuth's structure in the same way OpenID Connect does. OAuth 2.0 is the authorization framework alone, so it doesn't serve as an additional identity verification technology.
