Let's suppose I have a set of public REST APIs I want to open to developers. A developer's site is assumed to have its own custom way of managing users. However, in order to use the API, the developer must provision its users into my backend. I'm thinking of making it a requirement that they collect the OpenID URLs of their users. To provision their users, all they need to do is send me those OpenID URLs. My next question: given an OpenID URL, I don't have a clue about the user's name, email address, etc. Is there a way to introspect the OpenID URL and obtain that information legally, with the user's consent?
A:
Unless you are an OpenID provider, you are looking for OAuth, which has little to do with OpenID.
From the website: "[OAuth is] an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications."
Mewp
2010-08-26 10:10:36
I don't want to implement OAuth.
Jacques René Mesrine
2010-08-27 07:31:11
You want to let users from your website provide their information/content to other websites via a RESTful API, right? (Or did I not understand the question correctly?) If you do, OAuth will suit your needs more than OpenID.
Mewp
2010-08-27 18:43:18
At the moment, I want to solve the user provisioning problem first. My boss has reiterated that we don't want OAuth.
Jacques René Mesrine
2010-08-30 06:31:54