If you haven't seen this post, it may be of interest http://hueniverse.com/2009/04/introducing-sign-in-with-twitter-oauth-style-connect/
On Fri, Mar 26, 2010 at 5:20 PM, Paul Lindner <lind...@inuus.com> wrote: > If a site has an api that returns a stable user identifier then OAuth can > work fine as an SSO. I wouldn't go so far as to call it bastardized.. > > The big difference between OpenID and OAuth is the idiom used. OpenID is > designed to not require prior registration for use -- multiple relying > parties and providers can interoperate using URLs and attribute exchange. > With OAuth you need a consumer key/secret for your site, and the APIs for > attribute exchange change from provider to provider. > > > On Fri, Mar 26, 2010 at 1:39 PM, Chris Messina <chris.mess...@gmail.com>wrote: > >> OAuth can be used as a bastardized mechanism to do SSO, but it's not >> really recommended. >> >> OAuth only provides you with tokens, which could later be revoked, >> effectively destroying the identity that you're relying on. >> >> OpenID is the preferred way to achieve SSO because it provides you with a >> stable, reusable identifier. >> >> Twitter uses OAuth for SSO, but it's really kind of a mis-use of the >> technology, although in practice it kind of solves the problem. >> >> Essentially OpenID provides you with identity; OAuth provides you >> authorization to do things on behalf of a user. Since you're doing something >> on behalf of a user, you get a kind of temporary identity to do stuff but >> it's much more fragile than OpenID. >> >> Why don't you want to do OpenID? >> >> Chris >> >> >> On Fri, Mar 26, 2010 at 10:21 AM, Adam <apcau...@gmail.com> wrote: >> >>> We currently use CAS for SSO. I'd like to have SSO into gmail, but do >>> not want to switch to OpenID. Is it possible to use OAuth to login >>> users into their gmail accounts? Or is OAuth only meant to retrieve >>> user data? >>> >>> I am currently using SignPost to connect to OAuth... if it matters. >>> >>> Thanks. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "OAuth" group. >>> To post to this group, send email to oa...@googlegroups.com. >>> To unsubscribe from this group, send email to >>> oauth+unsubscr...@googlegroups.com<oauth%2bunsubscr...@googlegroups.com> >>> . >>> For more options, visit this group at >>> http://groups.google.com/group/oauth?hl=en. >>> >>> >> >> >> -- >> Chris Messina >> Open Web Advocate, Google >> >> Personal: http://factoryjoe.com >> Follow me on Buzz: http://buzz.google.com/chrismessina >> ...or Twitter: http://twitter.com/chrismessina >> >> This email is: [ ] shareable [X] ask first [ ] private >> >> -- >> You received this message because you are subscribed to the Google Groups >> "OAuth" group. >> To post to this group, send email to oa...@googlegroups.com. >> To unsubscribe from this group, send email to >> oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com> >> . >> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to oa...@googlegroups.com. > To unsubscribe from this group, send email to > oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
