Questions to Ask Yourself Before Choosing

Before you embark upon a particular implementation path, you should ask yourself some questions about what you need in your specific application and what’s available to you from a particular provider that you are trying to integrate.

Does the provider I am working with support hybrid auth? Where can I find out?

The first question that you should ask yourself before embarking upon any approach is “What does my provider support?” Clearly, if you’re working with a service that’s an OpenID provider but does not offer OAuth, you should not be looking into a hybrid auth approach.

When working with a standard OpenID implementation, you simply need to find out two things:

  • Is the company whose accounts I want to accept for login an OpenID provider?

  • What is that company’s discovery URL? (For a refresher on this topic, see the section OpenID Providers in Chapter 11.)

If the first answer is “yes,” and you have the discovery URL, you’re ready to begin integrating OpenID authentication into your site.

Now, if you’re looking into a hybrid auth approach, you’ll need to answer not only the preceding questions about OpenID, but also several about OAuth and hybrid auth, such as:

  • Does the provider I’m working with support OAuth?

  • Does the provider I’m working with support hybrid auth to allow me to obtain a preapproved request token from OpenID, in order to exchange it for an OAuth access token?

If the answers to the preceding questions are also “yes,” then you are ready ...
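One way to answer these questions from the provider's discovery document, shown as an added example that is not code from the book: it assumes the discovery URL returns an XRDS document, and uses the service type URIs defined by OpenID 2.0 and the OpenID OAuth Extension draft. The function name, the sample documents, and `provider.example` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 XML namespace used inside XRDS documents
OPENID2_TYPES = {
    "http://specs.openid.net/auth/2.0/server",
    "http://specs.openid.net/auth/2.0/signon",
}
OAUTH_EXT = "http://specs.openid.net/extensions/oauth/1.0"  # hybrid extension type

# Constructed sample discovery documents (provider.example is a placeholder).
XRDS_TEMPLATE = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service priority="0">
    <Type>http://specs.openid.net/auth/2.0/server</Type>%s
    <URI>%s</URI>
  </Service></XRD>
</xrds:XRDS>"""
HYBRID_XRDS = XRDS_TEMPLATE % ("<Type>" + OAUTH_EXT + "</Type>",
                               "https://provider.example/openid")
OPENID_ONLY_XRDS = XRDS_TEMPLATE % ("", "https://provider.example/openid")
PLAIN_HTTP_XRDS = XRDS_TEMPLATE % ("", "http://provider.example/openid")


def provider_capabilities(xrds_xml):
    """Report OpenID 2.0 and hybrid (OpenID+OAuth) support advertised in an XRDS.

    The document comes from a third party, so treat it as untrusted input;
    for documents fetched over the network a hardened parser such as
    defusedxml is the safer choice than the stdlib parser used here.
    """
    result = {"openid2": False, "hybrid": False, "endpoints": []}
    root = ET.fromstring(xrds_xml)
    for service in root.iter(XRD + "Service"):
        types = {(t.text or "").strip() for t in service.findall(XRD + "Type")}
        if not types & OPENID2_TYPES:
            continue  # not an OpenID 2.0 service entry
        uris = [(u.text or "").strip() for u in service.findall(XRD + "URI")]
        # Policy choice (assumption): only accept endpoints served over HTTPS,
        # so the login redirect cannot be tampered with in transit.
        uris = [u for u in uris if u.lower().startswith("https://")]
        if not uris:
            continue
        result["openid2"] = True
        result["endpoints"].extend(uris)
        if OAUTH_EXT in types:
            result["hybrid"] = True
    return result
```

A provider that advertises the extension type still requires you to register an OAuth consumer key with it before the approved request token can be exchanged, so confirm that step in the provider's documentation.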
