OAuth is a delegation API, it will never have support for Authentication
only (authentication is verifying identity, authorization is validating
access to some resource based on that identity). That is the job of
OpenID and is a service much better provided for by OpenID.
That said, it would be interesting to see Twitter be an OpenID provider.
Elliott Kember wrote:
Cool - yeah sorry about that. I meant to say the next time they try to
access their account.
It'd be even better if there were another level of OAuth permissions -
"authorization only" - which just lets you log in using the account,
and only lets you call verify_credentials.
Am I the only one that thinks this could be really cool? What are the
downsides?
On Mar 26, 5:07 pm, Graeme Foster <[email protected]> wrote:
2009/3/26 Elliott Kember <[email protected]>
No - they don't log in before I request authorization. I get their
access token without having any idea who they are.
That's what I'm trying to avoid - I don't want to have any login stuff
on my side so the login is as easy as possible.
I see - exactly the same problem as me then. When you said they log in I
incorrectly assumed you meant to your app.
G.
