On Sat, May 7, 2011 at 1:56 PM, Kai Krueger <[email protected]> wrote: > > Serge Wroclawski-2 wrote: >> >> How does authentication work on the API level with OpenID? >> > Preferably through OAuth
The API is RESTful, and therefore should hold no state. OAuth is precisely the opposite of that. > but the account can/should still have a password The basic point of OpenID is that you get rid of the need for the user to have credentials per site, and allow the provider to handle authentication how it sees fit. The first solution, using OAuth against what was a RESTful API, is bad. The second solution, of offering a second form of authentication, isn't awful, but it's a bit confusing. Then we either have some users who are entirely OpenID, and others who aren't, or else we have all users with passwords, like we do now, and so what's the point of the OpenID? - Serge _______________________________________________ talk mailing list [email protected] http://lists.openstreetmap.org/listinfo/talk
