I'm working on an extension that will do just that. Stay tuned. And no, it does not compete with OpenID (nor uses it).
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of [email protected] > Sent: Monday, March 16, 2009 9:09 PM > To: OAuth > Subject: [oauth] Re: Using OAuth as a Login Strategy > > > OAuth doesn't tell a consumer who the user is. I mean, it doesn't > authenticate the user to the consumer. The service provider may > associate access tokens with an authenticated user, but a consumer > can't get this information via OAuth alone. I've heard that people > are working to combine OAuth and OpenID, to create a system for both > authentication and authorization. You might find that useful. Sorry > I don't know more. > > An OAuth service provider can 'remind' a consumer of a previous access > token by simply returning that token again, in response to the > consumer's request for an access token. The service provider need not > ask the user to confirm authorization. That is, it can skip the > 'allow' screen, if it knows (from a previous interaction) that the > user has already authorized the consumer. Of course, this requires > the service provider to maintain a database of authorized consumers > for each user. Netflix does this. > > By the way, the service provider need not ask the user to > authenticate, if it can recognize the user quietly. For example, the > user's browser could send a cookie that identifies the user (reliably > enough to satisfy the service provider). > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
