Thanks to OpenID and OAuth, the Open Social Web is Beginning to Emerge. My blog’s OpenID powered watchlist and “your comments” features got a write-up on Wired! Nice to know that someone has noticed them.
Sign in with 
OpenID
Thanks to OpenID and OAuth, the Open Social Web is Beginning to Emerge. My blog’s OpenID powered watchlist and “your comments” features got a write-up on Wired! Nice to know that someone has noticed them.
Your OpenID login page won't take my identifier...
Stephen Paul Weber - 7th December 2007 03:45 - #
I'm still somewhat confused as to why OAuth and OpenID aren't more closely related. Surely the "flow" is very similar between the two: in one, you (as a user) are sent off to get an authentication token; in the other, you're sent off to get an access token. Thoughts, opinions? Simon?!
Paul Boddie - 10th December 2007 12:48 - #
OAuth was originally designed to solve a problem that OpenID had: there wasn't a good story for how you authenticate with OpenID if you were using a desktop application. It was quickly realised that this was a subset of a larger problem: I want application X to be able to do action Y on my behalf, without giving application X my full credentials.
It turned out that solving that problem wouldn't just benefit OpenID, it would also benefit all of the other sites that needed to do this (anyone building something similar to the Flick API).
It was also clear that how you authenticated in the first place, be it with OpenID or with a regular username and password, didn't actually matter.
End result: OAuth is as related to OpenID as you need it to be - you can use it with OpenID, but you can also use it without. And it ends up saving a lot of people a lot of trouble in inventing their own authentication API.