
What is OpenID "Automatic Login"?

I've never heard this term in a technical sense until today. It has suddenly appeared in Facebook's marketing blog in reference to their new deal with Google.

To be clear, they assert that virtually no other OpenID providers besides Google implement OpenID "Automatic Login", thus no other OpenIDs are currently supported by Facebook.

Does this even exist?

FYI, yes this is a programming question. I would really love to see the API documentation for this feature. Please post a link to it if you are familiar with it. Thanks!!

Facebook announcement: http://www.insidefacebook.com/2009/05/18/facebook-launches-openid-support-users-can-now-login-with-a-gmail-account/

Walt Jones asked May 19 '09 03:05




2 Answers

The reason people are excited about this is that it is a much smoother User Interface experience than using just OpenID.

The new system was first demonstrated by Plaxo developers and now has additional information available, see http://code.google.com/apis/accounts/docs/OpenID.html

A blog post from TechCrunch: http://www.readwriteweb.com/archives/google_openid_updates_ui.php

The issue right now, afaik, is that the methodology is poorly documented, so it is mostly appearing on sites that are paying JanRain corp. for their implementation.

Larry K answered Sep 25 '22 11:09


I'm pretty certain that this is just an application of OpenID's "Immediate mode":

Immediate mode allows you to attempt to verify the user without them leaving your site at all. This is normally possible if, during the first time you attempt to verify a user, they choose to always allow you to verify them and offers a slightly more streamlined login experience.

TML answered Sep 22 '22 11:09
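
The immediate mode named in the answer above, sketched from the relying party's side as an added example (not code from the original posts or from any provider). It uses the OpenID 2.0 field names; the function names, the `op.example` / `rp.example` URLs and the simplified `return_to` comparison are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

OPENID2_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = OPENID2_NS + "/identifier_select"
# Fields a positive assertion must carry before it is worth verifying.
REQUIRED = ("openid.op_endpoint", "openid.response_nonce",
            "openid.assoc_handle", "openid.signed", "openid.sig")


def build_auth_request(op_endpoint, return_to, realm, immediate=True):
    """Redirect URL for an OpenID 2.0 authentication request.

    checkid_immediate asks the provider to answer without showing any UI;
    checkid_setup lets the provider interact with the user.
    """
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_immediate" if immediate else "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    sep = "&" if urlsplit(op_endpoint).query else "?"
    return op_endpoint + sep + urlencode(params)


def classify_response(callback_url, expected_return_to):
    """Decide the relying party's next step from the provider's reply."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    if q.get("openid.ns") != OPENID2_NS:
        return "reject"
    mode = q.get("openid.mode")
    if mode == "setup_needed":
        # Provider could not answer silently: retry with checkid_setup.
        return "fallback_to_checkid_setup"
    if mode == "cancel":
        return "login_cancelled"
    if mode == "id_res":
        # Simplified check (assumption): exact match on the return_to field.
        if q.get("openid.return_to") != expected_return_to:
            return "reject"
        if any(field not in q for field in REQUIRED):
            return "reject"
        # Not logged in yet: signature and nonce still have to be checked.
        return "verify_signature_and_nonce"
    return "reject"
```

An `id_res` reply to an immediate request is only a candidate assertion; the relying party still has to validate the signature against its association (or via direct verification) and reject replayed nonces before creating a session.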