Which statement best describes OAuth and OpenID Connect relation?

OAuth 2.0 handles authorization: it defines how a client obtains a token that grants access to a resource on behalf of a user. It does not establish who the user is. OpenID Connect sits on top of OAuth 2.0 and adds authentication by issuing identity tokens that prove the user's identity and may provide basic profile information. This pairing lets an app log the user in while also obtaining permission to access the user’s resources using the same framework. The idea that OAuth authenticates or that OpenID Connect handles encryption or storage misses the actual roles: OAuth is about proving permission to access, not who the user is, and OpenID Connect supplies a standard way to verify identity atop that foundation.