Pros and Cons: Hybrid Auth

Now let’s take a look at the more extensive implementation—the OpenID OAuth hybrid approach—to see how it compares to the straight OpenID integration that we just discussed.

Pros:

  • Since you are using OAuth for your authorization model, you will have access to a much wider array of information from user profiles. In addition to the extensive data comprising the profile systems, OAuth providers usually supply several social APIs that allow you to get, set, and delete a significant quantity of the user’s profiles, connections, and activities.

  • By storing the access token provided by the OAuth process, applications and services can generally run headless requests[3] to process user data for as long as the access token is valid.

  • Since you are already leveraging the OpenID process, you also gain all of its pros, with the exception of its lightweight implementation.

Cons:

  • When you integrate the OAuth libraries, you incur quite a large overhead in your implementation code base. Instead of the process completing when the user authenticates the application (as in OpenID), once the user signs in to authorize your application, you still need to perform all of the token exchange steps required to obtain a valid OAuth access token.

  • To integrate OAuth in the hybrid auth approach, you have to set up an application with the provider in order to obtain the consumer key and secret needed for the OAuth process. This means that you will also need to implement a mechanism ...
