[OSM-talk] User diary enhancements, subscriptions, Facebook/Twitter integration

Serge Wroclawski emacsen at gmail.com
Mon May 9 05:21:15 BST 2011


On Sat, May 7, 2011 at 1:56 PM, Kai Krueger <kakrueger at gmail.com> wrote:
>
> Serge Wroclawski-2 wrote:
>>
>> How does authentication work on the API level with OpenID?
>>
> Preferably through OAuth

The API is RESTful, and therefore should hold no state. OAuth is
precisely the opposite of that.

> but the account can/should still have a password

The basic point of OpenID is that you get rid of the need for the user
to have credentials per site, and allow the provider to handle
authentication how it sees fit.

The first solution, using OAuth against what was a RESTful API, is bad.

The second solution, of offering a second form of authentication,
isn't awful, but it's a bit confusing. Then we either have some users
who are entirely OpenID, and others who aren't, or else we have all
users with passwords, like we do now, and so what's the point of the
OpenID?

- Serge


