If a site has an API that returns a stable user identifier then OAuth can work fine as an SSO. I wouldn't go so far as to call it bastardized.
The big difference between OpenID and OAuth is the idiom used. OpenID is designed to not require prior registration for use -- multiple relying parties and providers can interoperate using URLs and attribute exchange. With OAuth you need a consumer key/secret for your site, and the APIs for attribute exchange change from provider to provider.

On Fri, Mar 26, 2010 at 1:39 PM, Chris Messina <[email protected]> wrote:
> OAuth can be used as a bastardized mechanism to do SSO, but it's not really recommended.
>
> OAuth only provides you with tokens, which could later be revoked, effectively destroying the identity that you're relying on.
>
> OpenID is the preferred way to achieve SSO because it provides you with a stable, reusable identifier.
>
> Twitter uses OAuth for SSO, but it's really kind of a mis-use of the technology, although in practice it kind of solves the problem.
>
> Essentially OpenID provides you with identity; OAuth provides you authorization to do things on behalf of a user. Since you're doing something on behalf of a user, you get a kind of temporary identity to do stuff but it's much more fragile than OpenID.
>
> Why don't you want to do OpenID?
>
> Chris
>
> On Fri, Mar 26, 2010 at 10:21 AM, Adam <[email protected]> wrote:
>
>> We currently use CAS for SSO. I'd like to have SSO into gmail, but do not want to switch to OpenID. Is it possible to use OAuth to login users into their gmail accounts? Or is OAuth only meant to retrieve user data?
>>
>> I am currently using SignPost to connect to OAuth... if it matters.
>>
>> Thanks.
>>
>> --
>> You received this message because you are subscribed to the Google Groups "OAuth" group.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to [email protected] <oauth%[email protected]>.
>> For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
>
> --
> Chris Messina
> Open Web Advocate, Google
>
> Personal: http://factoryjoe.com
> Follow me on Buzz: http://buzz.google.com/chrismessina
> ...or Twitter: http://twitter.com/chrismessina
>
> This email is: [ ] shareable [X] ask first [ ] private
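The point both messages turn on (a token can be revoked, a stable user identifier cannot) is illustrated by the following added example, which is not part of the original thread. `Provider`, its `whoami` call and the account names are constructed stand-ins, not any real provider's API.

```python
import secrets

class Provider:
    """Constructed stand-in for an OAuth provider (not a real API)."""
    def __init__(self):
        self._tokens = {}  # access token -> stable user id

    def issue_token(self, user_id):
        token = secrets.token_hex(16)
        self._tokens[token] = user_id
        return token

    def revoke(self, token):
        self._tokens.pop(token, None)

    def whoami(self, token):
        # Hypothetical "return the stable user identifier" API call.
        if token not in self._tokens:
            raise PermissionError("token revoked or unknown")
        return self._tokens[token]

class RelyingParty:
    def __init__(self, provider, provider_name):
        self.provider = provider
        self.provider_name = provider_name
        self.by_token = {}    # fragile: local account keyed on the token itself
        self.by_subject = {}  # stable: local account keyed on (provider, user id)

    def login_keyed_on_token(self, token):
        self.provider.whoami(token)  # the token must still be valid
        return self.by_token.setdefault(token, f"acct-{len(self.by_token) + 1}")

    def login_keyed_on_subject(self, token):
        subject = (self.provider_name, self.provider.whoami(token))
        return self.by_subject.setdefault(subject, f"acct-{len(self.by_subject) + 1}")

def demo():
    p = Provider()
    rp = RelyingParty(p, "example-provider")
    t1 = p.issue_token("user-1001")
    a_tok, a_sub = rp.login_keyed_on_token(t1), rp.login_keyed_on_subject(t1)
    p.revoke(t1)                     # user revokes access, then re-authorizes
    t2 = p.issue_token("user-1001")
    b_tok, b_sub = rp.login_keyed_on_token(t2), rp.login_keyed_on_subject(t2)
    return {"token_keyed_same": a_tok == b_tok, "subject_keyed_same": a_sub == b_sub}
```

Keying the local account on the token loses the user after revocation and re-authorization; keying it on the provider-scoped identifier resolves to the same account with any valid token.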
