I've been tracking OpenID auth from 1.0 with great interest. Last
summer Johannes Ernst explained to me how it was that one might use
openid to authenticate a non-interactive user agent such as a REST API
consumer by intercepting the RP's redirect and providing the info from
the IdP itself.
Hi Dick:
I think REST support is a really useful feature, and have described
how that might happen in the past, but right now we are pretty
focussed on getting browser based auth finalized, and I think the
mechanisms for rich clients will be related, but slightly different.
That all makes