
Salesforce as an OpenId authentication provider

Google Apps offers an OpenID API that allows end users to securely sign in to third party web sites using their Google Apps user account.

I want to offer similar functionality - i.e. I want the users of my web site to be able to authenticate using their Salesforce account using OpenID.

Does Salesforce offer a similar API/functionality? I've checked the documentation and seen mentions of OpenID Connect API, but this seems to be in its early stages of development. I've also checked Salesforce's Identity Provider feature, but this seems more geared towards SSO scenarios (not quite sure though - please correct me if I am wrong).

asked Nov 02 '22 20:11 by dasp


1 Answer

(This is an old answer from before OpenID Connect was supported.)

They don't support OpenID Connect yet. In the meantime, take a look at the "web server" OAuth 2.0 flow and use the "id" scope to get the user's ID.

http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com

At the OAuth protocol level, there's no guarantee that this ID belongs to the user or that it's unique and non-changing, but people use this kind of ID for authentication anyway. This is basically how OpenID Connect works; OpenID Connect just formalizes it and adds in some extra validation.

answered Nov 08 '22 11:11 by Alexander Taylor
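A relying site that uses the `id` value from the web server flow as a login identity can at least check it before trusting it. The sketch below is an added example, not code from the answer or from Salesforce. It assumes the token response carries `id`, `issued_at` (milliseconds) and a `signature` that is the base64 HMAC-SHA256 of `id` + `issued_at` keyed with the consumer secret; the secret, IDs and timestamps are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: only the production login host is accepted as an identity issuer.
TRUSTED_HOSTS = {"login.salesforce.com"}

def sign(identity_url: str, issued_at: str, client_secret: str) -> str:
    """Base64 HMAC-SHA256 over id + issued_at (assumed signature format)."""
    mac = hmac.new(client_secret.encode(),
                   (identity_url + issued_at).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def verified_subject(token_response: dict, client_secret: str, now_ms: int,
                     max_age_ms: int = 300_000) -> tuple[str, str]:
    """Return (org_id, user_id) only if the identity URL passes every check."""
    identity_url = token_response["id"]
    issued_at = token_response["issued_at"]
    # 1. Integrity: id and issued_at must match what the token endpoint signed.
    expected = sign(identity_url, issued_at, client_secret)
    if not hmac.compare_digest(expected, token_response["signature"]):
        raise ValueError("signature mismatch: id or issued_at was altered")
    # 2. Freshness: reject an old response being replayed into the callback.
    if not 0 <= now_ms - int(issued_at) <= max_age_ms:
        raise ValueError("token response is stale or from the future")
    # 3. Issuer: the identity URL must be HTTPS on a host we trust.
    url = urlsplit(identity_url)
    if url.scheme != "https" or url.hostname not in TRUSTED_HOSTS:
        raise ValueError("identity URL is not on a trusted host")
    # 4. Shape: /id/<org_id>/<user_id>; the pair is the account key.
    parts = url.path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "id":
        raise ValueError("unexpected identity URL shape")
    return parts[1], parts[2]

# Constructed sample token response (not real IDs or secrets).
SECRET = "constructed-consumer-secret"
SAMPLE = {
    "id": "https://login.salesforce.com/id/00Dxx0000000001EAA/005xx000000000aAAA",
    "issued_at": "1667900000000",
}
SAMPLE["signature"] = sign(SAMPLE["id"], SAMPLE["issued_at"], SECRET)

if __name__ == "__main__":
    print(verified_subject(SAMPLE, SECRET, now_ms=1667900001000))
```

Keying local accounts on the returned (org ID, user ID) pair rather than on a username or e-mail avoids depending on attributes that can change. These checks do not replace the audience and nonce validation that OpenID Connect specifies.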