[OSM-talk] User diary enhancements, subscriptions, Facebook/Twitter integration
Serge Wroclawski
emacsen at gmail.com
Mon May 9 05:21:15 BST 2011
On Sat, May 7, 2011 at 1:56 PM, Kai Krueger <kakrueger at gmail.com> wrote:
>
> Serge Wroclawski-2 wrote:
>>
>> How does authentication work on the API level with OpenID?
>>
> Preferably through OAuth

The API is RESTful, and therefore should hold no state. OAuth is
precisely the opposite of that.

> but the account can/should still have a password

The basic point of OpenID is that you get rid of the need for the user
to have credentials per site, and allow the provider to handle
authentication how it sees fit.

The first solution, using OAuth against what was a RESTful API, is bad.

The second solution, of offering a second form of authentication,
isn't awful, but it's a bit confusing. Then we either have some users
who are entirely OpenID, and others who aren't, or else we have all
users with passwords, like we do now, and so what's the point of the
OpenID?

- Serge