If you haven't seen this post, it may be of interest http://hueniverse.com/2009/04/introducing-sign-in-with-twitter-oauth-style-connect/
On Fri, Mar 26, 2010 at 5:20 PM, Paul Lindner <[email protected]> wrote: > If a site has an api that returns a stable user identifier then OAuth can > work fine as an SSO. I wouldn't go so far as to call it bastardized.. > > The big difference between OpenID and OAuth is the idiom used. OpenID is > designed to not require prior registration for use -- multiple relying > parties and providers can interoperate using URLs and attribute exchange. > With OAuth you need a consumer key/secret for your site, and the APIs for > attribute exchange change from provider to provider. > > > On Fri, Mar 26, 2010 at 1:39 PM, Chris Messina <[email protected]>wrote: > >> OAuth can be used as a bastardized mechanism to do SSO, but it's not >> really recommended. >> >> OAuth only provides you with tokens, which could later be revoked, >> effectively destroying the identity that you're relying on. >> >> OpenID is the preferred way to achieve SSO because it provides you with a >> stable, reusable identifier. >> >> Twitter uses OAuth for SSO, but it's really kind of a mis-use of the >> technology, although in practice it kind of solves the problem. >> >> Essentially OpenID provides you with identity; OAuth provides you >> authorization to do things on behalf of a user. Since you're doing something >> on behalf of a user, you get a kind of temporary identity to do stuff but >> it's much more fragile than OpenID. >> >> Why don't you want to do OpenID? >> >> Chris >> >> >> On Fri, Mar 26, 2010 at 10:21 AM, Adam <[email protected]> wrote: >> >>> We currently use CAS for SSO. I'd like to have SSO into gmail, but do >>> not want to switch to OpenID. Is it possible to use OAuth to login >>> users into their gmail accounts? Or is OAuth only meant to retrieve >>> user data? >>> >>> I am currently using SignPost to connect to OAuth... if it matters. >>> >>> Thanks. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "OAuth" group. >>> To post to this group, send email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]<oauth%[email protected]> >>> . >>> For more options, visit this group at >>> http://groups.google.com/group/oauth?hl=en. >>> >>> >> >> >> -- >> Chris Messina >> Open Web Advocate, Google >> >> Personal: http://factoryjoe.com >> Follow me on Buzz: http://buzz.google.com/chrismessina >> ...or Twitter: http://twitter.com/chrismessina >> >> This email is: [ ] shareable [X] ask first [ ] private >> >> -- >> You received this message because you are subscribed to the Google Groups >> "OAuth" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected] <oauth%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected] <oauth%[email protected]>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
