Senad wrote:
> I'm looking for a possibility to implement user authentication similar
> to Facebook Connect via OAuth. I understand that OAuth is not an OpenID
> extension, but as far as I understand, a Consumer can also authenticate a
> user of a Service Provider, if the Consumer has authorization to access
> the user's data stored on the Service Provider. In a similar way to how Facebook
> Connect does things: all messages are signed by the Service Provider (that
> is, Facebook), so the Consumer just needs to verify whether the user's data
> sent by the user are correctly signed.
>

Well, Facebook Connect does indeed bundle a few things together in order to do what you want, and it's certainly possible to duplicate it using a combination of OpenID (for user login credentialing), OAuth (for secure third party authorization) and Portable Contacts (for contact exchange).

Take a look at the work that Joseph Smarr and Plaxo are doing for tips about that. http://www.plaxo.com/api/portablecontacts

(Heh, Facebook uses a simple MD5 hash of the arguments + a shared secret, so in some respects, an OpenID/OAuth combination would be more secure, but that's beside the point.)

One of the bigger problems, honestly, is making sure that you've got a system that either maps the OpenID token to your existing UserID, or uses the OpenID token as your UserID. Once you have that, it's fairly trivial to create a table that maps to user information returned by Portable Contacts.

It's not as "advanced" as Facebook is (although Facebook relies heavily on the use of their JavaScript libraries and localized cookies unless you're a trusted party), and frankly, if you're running a simple app or blog, the Facebook API is far easier to get running right now. Then again, their system is absolutely tied to just Facebook, so if your life happens to involve other sites, well, you're not going to get them.

The OpenConnect stuff is still very much a work in progress, so feel free to help out.

> Did anybody investigate this? Any pointers on how to do this?
>
> Thanks!
> Senad
>
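
Added example, not part of the original message: one way to lay out the mapping from an OpenID identifier to a local user ID and the table for Portable Contacts data that the reply describes. SQLite, the table names and the functions `open_db`, `user_for_openid` and `store_contacts` are assumptions made for illustration, and `claimed_id` is assumed to have already been verified by an OpenID library before it reaches this code.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, display_name TEXT);
CREATE TABLE openid_identities (
    claimed_id TEXT PRIMARY KEY,               -- one identifier, one owner
    user_id    INTEGER NOT NULL REFERENCES users(id)
);
CREATE TABLE contacts (                        -- fields from Portable Contacts
    user_id      INTEGER NOT NULL REFERENCES users(id),
    contact_id   TEXT NOT NULL,
    display_name TEXT,
    email        TEXT,
    PRIMARY KEY (user_id, contact_id)
);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def user_for_openid(db, claimed_id, link_to=None):
    """Return the local user id for a verified claimed identifier.

    Unknown identifier: create a user, or attach it to `link_to` when given.
    Known identifier: refuse to re-link it to a different account."""
    row = db.execute("SELECT user_id FROM openid_identities WHERE claimed_id = ?",
                     (claimed_id,)).fetchone()
    if row:
        if link_to is not None and row[0] != link_to:
            raise ValueError("identifier already linked to another account")
        return row[0]
    if link_to is None:
        link_to = db.execute("INSERT INTO users (display_name) VALUES (NULL)").lastrowid
    db.execute("INSERT INTO openid_identities VALUES (?, ?)", (claimed_id, link_to))
    db.commit()
    return link_to

def store_contacts(db, user_id, entries):
    """Upsert Portable Contacts entries; return the user's contact count."""
    for e in entries:
        emails = e.get("emails") or [{}]
        db.execute("INSERT OR REPLACE INTO contacts VALUES (?, ?, ?, ?)",
                   (user_id, e["id"], e.get("displayName"), emails[0].get("value")))
    db.commit()
    return db.execute("SELECT COUNT(*) FROM contacts WHERE user_id = ?",
                      (user_id,)).fetchone()[0]
```

The primary key on `claimed_id` is what keeps a second account from claiming an identifier that already belongs to someone else.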
