OAuth 2.0 implementation
roland at catalogix.se
Tue Mar 27 15:36:22 CEST 2012
And then to complicate the picture you have OpenID Connect which is an attempt at
bringing OpenID and OAuth2.0 together.
By the way I have an implementation of OpenID Connect here:
27 mar 2012 kl. 11:59 skrev Stuart Bishop:
> On Tue, Mar 27, 2012 at 10:11 AM, Ben Finney <ben+python at benfinney.id.au> wrote:
>> Demian Brecht <demianbrecht at gmail.com> writes:
>>> I'm getting close to an alpha release of an OAuth 2.0 implementation
>> Thank you for doing this work.
>> As someone who uses OpenID, what can I read about why OAuth is better?
> They are different, and often you need to use both.
> OpenID allows web sites to authenticate someone. It is not really
> useful for anything not an interactive web site. The consuming site
> never gets your keys, it just gets confirmation from the provider that
> the user is who they claim they are and maybe some details that the
> provider chooses to provide such as an email address.
> OAuth is for generating authentication keys that allow a program to
> authenticate as someone and perform operations on their behalf. You
> use OAuth to generate a key so that Foursquare can send messages via
> Twitter on your behalf, or so the Facebook client on your phone can
> access your account without storing your password. You also get
> authentication here, as you can't generate a key without being
> authenticated, but the real reason it is used instead of OpenID is so
> you can keep the key and keep using it to act as the user; you can
> keep using that key until it expires or it is revoked.
> Authentication providers that don't provide a webapi just implement
> OpenID. Big sites like Google and Facebook implement both OpenID (for
> 'log in with your GMail account') and OAuth ('post this message to
> your Facebook wall').
> Stuart Bishop <stuart at stuartbishop.net>
With anchovies there is no common ground
-- Nero Wolfe
More information about the Python-list