tags:

views:

1182

answers:

4
+6  Q: 

LinkedIn / Twitter / Facebook as OAuth and OpenId use

Firstly I understand OpenId is for authentication and OAuth is for authorisation and unlike other questions on the site I am not asking which should be used for which but if anyone can advise a solution for my issue.

I want to allow users to login to my site via their LinkedIn/Twitter/Facebook account once logged in say via LinkedIn they could also then authorise their Twitter and Facebook account as a optional login method. This would allow the user to authenticate via any of the three but end up with their user account on my site as the end result.

I also want to use the authorisation they have provided to get basic user details (profile pic/name etc) and post status updates.

I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.

Any ideas or issues to this issue

Lee

+1  A: 

Have you looked into RPX?

https://rpxnow.com/

Andrew Lewis  2010-04-14 16:26:32
Thanks for the suggestion andrew but want to talk directly to the service provider rather than via another provider and I can't see that RPX supports linkedIn
monkeylee  2010-04-16 14:13:27
A: 

I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.

I'm afraid you'll have to connect the user's account to each of the 3 services individually. What platform are you using to build your app? If it's Ruby, then a gem like OmniAuth looks promising.

Jonathan Julian  2010-04-15 14:25:02
I don't mind connecting to each of the 3 services independently, I don't want the user to have to auth twice per service, once for login and again to allow data querying or publishing to their stream. platform is - ASP.NET MVC / C#
monkeylee  2010-04-15 16:03:55
After you auth with each service, save the secret tokens in your db to allow your app to connect on behalf of that user in the future. A 2nd auth to publish to their stream will not be needed.
Jonathan Julian  2010-04-16 13:05:45
I agree, but once that service is assigned 2 days later the user returns to my site and clicks twitter login (to authenticate the user to my site not give stream access as that was done previously) won't twitter than ask them if they want to give access each time? where all I want is it to authenticate their twitter account details return the secret tokens which I have stored and can compare?
monkeylee  2010-04-17 09:21:02
If they have an active browser session with Twitter, then they won't be asked, and you'll still get the tokens passed to your callback from Twitter. If they have logged out of Twitter, they they'll have to log back in.
Jonathan Julian  2010-04-17 17:32:27
+1  A: 

If you are using ASP.NET MVC, DotNetOpenAuth is an excellent solution for supporting OpenID/OAuth sites. StackOverflow is using it, and they are quite picky for the code they use in the site.

The integration if OpenID with DotNetOpenAuth is quite straightforward. I have not tried OAuth, but I don't expect it to be of any less quality.

Unfortunately, Facebook does not support OpenID/OAuth, so you need to use a different solution for it. The one I use is Clarity Consulting's Facebook Developer Toolkit. It works, although I do have certain complaints about the quality of the code; unfortunately I haven't found anything better yet. (Note: If anyone knows a better alternative, by all means let me know)

The basic integration of Facebook Connect with the Facebook Developer Toolkit is also relatively straightforward. However, their object model is somewhat messed up, due to their attempt to stay as close to the Facebook APIs, so the HTTP API patterns are bleeding through a lot. Still, it does the work.

Update: Now that Facebook announced that they'll be supporting OAuth 2.0, DotNetOpenAuth might turn out to be the best solution.

Franci Penov  2010-04-19 03:52:36
A: 

Hi, I have been working on a similar topic. My concern is given this scenario, say I log in using my LinkedIn account to his site, How would I then be able to extract my facebook data without the Oauth token?

What am trying to basically find out is, Is there a way in which say I use my gmail account (as open ID) to log into facebook(without the log in prompt) and still give me an access token to facebook with which I can access my data on facebook.

Shankar  2010-07-13 22:51:02

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID login workflow?
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?