Hello.
I am a bit confused about OpenID OAuth stuff.
(By OAuth I mean OAuth 2.0, here and later.)

My target is to create a site with OpenID (or OAuth) auth as well as with
legacy email + password auth. The site will be on the Django framework (Python).
I understand the difference between OAuth and OpenID and the difference between
authorization and authentication.

My primary goal is to implement OpenID login with Google as identity provider.

The login and register flow must be just like on many sites.
As I see it:
Register scenario:
1) User enters OpenID URL (clicks Google button).
2) User gets redirected to auth provider (Google).
    Page says:
      "Awesome site" asks for your:
       email, language, country...
3) User says yes and gets redirected back.
    Behind the scenes "Awesome site"
    retrieves email, language and other user info
    using the access token.
4) User fills in other stuff needed in the profile,
    and that is it: he's now registered.

Login scenario:
1) User enters OpenID URL (clicks Google button).
    1.a) If the user is already logged in on the auth provider:
    hmm... it is unclear to me, but somehow the user
    gets logged in without a provider page being displayed (maybe it closes fast?).

    1.b) If the user is not logged in on the provider,
    then the provider displays a login page and redirects back
    to awesome site on success.

Because I have to get some user data,
it seems to me that I have to use the
OAuth or Hybrid (OpenID + OAuth extensions)
protocol.
   
The things that are not clear to me:
0)  How do I get scopes for the info I need?
    I searched but can't find them. I found on someone's blog
    "https://www.googleapis.com/auth/userinfo#email" for email,
    but how about user language, country, etc.? Where is it documented?

1) If I use OAuth, will it be enough
    to do both the registration and login,
    or will I have to fetch user data with OAuth
    and log in with OpenID?

2) Is it OK to use OAuth 2.0 in my scenario?
    Or will it be simpler to use 1.0 because I don't need
    user data anymore after initial account registration?
    (I think 1.0 is more complex because it has 3 phases,
     but 2.0 is more complex because the access token expires. But
     expiration won't be a problem in my scenario as I don't need user data
     after registration.)

3) There are a few libs lying out there.
    While reading the Google API docs I found:
    google-api-python-client
    openid-python-openid
    gdata-python-client
            (supposed to be an API to Google services; I don't know if it has OAuth in it.
              Hm, according to this
              http://code.google.com/intl/ru/apis/gdata/docs/auth/oauth.html
              it has OAuth in it.)
    python-oauth-client  (http://code.google.com/p/python-oauth-client/)
    I thought that's a lot, but then found:
    http://your-move.appspot.com  (source files: https://github.com/sje397/Chess)
    which seems to be using the google.app.engine lib:
    from google.appengine.api import users

    So which one to choose?
   
4) So far I have come to think that the simplest implementation would be
    like this:
    http://code.google.com/p/google-api-python-client/source/browse/samples/oauth2/django_sample/buzz/views.py
    But lines 38-44 in my case would fetch user email, language and other
    stuff (and I will also use another scope, line 29)
    for a newly registered user, or, if it is a registered user, just ignore the
    credential and delete it (continue with the site session).

Am I wrong?
I saw today so many implementations on the libs mentioned above that I doubt that
I am right.
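
The redirect-and-callback flow from the register and login scenarios above, as an added example that is not part of the original post: one callback handler serves both cases, and a per-session `state` value ties the callback to the browser that started it. The endpoint, client id, `exchange_code` helper and profile field names are assumptions; the plain dicts `session` and `users` stand in for Django's session and user model.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholders: not real provider endpoints or credentials.
AUTHORIZE_URL = "https://provider.example/oauth2/auth"
CLIENT_ID = "awesome-site-client-id"
REDIRECT_URI = "https://awesome.example/oauth2/callback"
SCOPE = "https://www.googleapis.com/auth/userinfo#email"  # scope string quoted in the post


def begin_login(session):
    """Steps 1-2: build the provider redirect and bind a random state to the session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": SCOPE,
              "state": session["oauth_state"]}
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session, callback_url, exchange_code, users):
    """Step 3: validate the callback, then register or log in. Returns True if registered."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, even on failure
    got = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), got.encode()):
        raise PermissionError("state mismatch: callback not started by this session")
    code = query.get("code", [None])[0]
    if "error" in query or not code:
        raise PermissionError("provider returned no authorization code")
    # exchange_code (hypothetical) does the server-side code -> token -> profile
    # calls and returns only the profile, so the access token is never stored.
    profile = exchange_code(code)
    key = ("google", profile["id"])  # key on the provider's stable id, not the email
    created = key not in users
    if created:
        users[key] = {"email": profile["email"], "profile_complete": False}
    session["user"] = key
    return created


def fake_exchange(code):
    """Constructed stand-in for the provider round trip; field names are assumptions."""
    return {"id": "constructed-subject-1", "email": "user@example.com"}
```

A `True` return is the register scenario (send the user on to complete the profile); `False` is the login scenario for an account that already exists.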


