Menu
What is OpenID "Automatic Login"?
I've never heard this term in a technical sense until today. It has suddenly appeared in Facebook's marketing blog in reference to their new deal with Google.
To be clear, they assert that virtually no other OpenID providers besides Google implement OpenID "Automatic Login", thus no other OpenIDs are currently supported by Facebook.
Does this even exist?
FYI, yes this is a programming question. I would really love to see the API documentation for this feature. Please post a link to it if you are familiar with it. Thanks!!
Facebook announcement: http://www.insidefacebook.com/2009/05/18/facebook-launches-openid-support-users-can-now-login-with-a-gmail-account/
846
Web apps: OpenID Connect provides great support for modern web applications, which often run within a single page and have a great deal of JavaScript, such as Gmail. Mobile: OpenID Connect provides great support for native mobile applications running on iOS and Android.
OpenID Connect (OIDC) is an open authentication protocol that works on top of the OAuth 2.0 framework. Targeted toward consumers, OIDC allows individuals to use single sign-on (SSO) to access relying party sites using OpenID Providers (OPs), such as an email provider or social network, to authenticate their identities.
OpenID Connect, its predecessors, and other public-key-encryption-based authentication frameworks guarantee the security of the complete internet by having the responsibility for user identity verification in the hands of the most trusted and reliable service providers.
You only really need OAuth2 and OpenID Connect if you'd like your users to give consent ("i.e. I want to allow this app access to my personal data"). You do not need OAuth2 to generate a JSON Web Token, a Personal Access Token, a Native Mobile App Session Token.
The reason people are excited about this is that it is a much smoother User Interface experience than using just OpenID.
The new system was first demonstrated by Plaxo developers and now has additional information available, see http://code.google.com/apis/accounts/docs/OpenID.html
A blog post from TechCrunch: http://www.readwriteweb.com/archives/google_openid_updates_ui.php
The issue right now, afaik, is that the methodology is poorly documented, so it is mostly appearing on sites that are paying JanRain corp. for their implementation.
35
I'm pretty certain that this is just an application of OpenID's "Immediate mode":
Immediate mode allows you to attempt to verify the user without them leaving your site at all. This is normally possible if, during the first time you attempt to verify a user, they choose to always allow you to verify them and offers a slightly more streamlined login experience.
80
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
