[OpenStack-Infra] A problem with unique identifier on openstackid.org

Sebastian Marcet smarcet at gmail.com
Thu Apr 16 13:03:44 UTC 2015


Vladislav, OAuth2 is not meant for authentication; it is meant for
authorization. If you use OAuth2 for authentication, then you are
introducing some security issues in your app
http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html

If you want to authenticate your users in a safe way, you should use the OpenID
endpoint first, then the OAuth2 protected API to get additional user info
that is not provided by OpenID or its extensions (SREG/AX) by default.

regards

2015-04-16 9:57 GMT-03:00 Vladislav Kuzmin <vkuzmin at mirantis.com>:

> Sebastian, I've used only OAuth2.0 (not OpenID) to obtain an access_token
> and I've used this documentation
> http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/oauth2.html
> . When I got the access_token, I called "OAuth 2.0 Rest API" to get info
> about the user
> http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html
> . But "OAuth 2.0 Rest API" doesn't provide a unique identifier for the user.
> My main goal is to get a unique ID for a user that I can use in my
> application.
> How can I get an ID for a user with OAuth2.0?
>
> On Thu, Apr 16, 2015 at 1:13 PM, Sebastian Marcet <smarcet at gmail.com>
> wrote:
>
>> Vladislav, in order to use OAuth 2.0, I am assuming that you are doing
>> an OpenID request first; in the OpenID response (positive assertion
>> http://openid.net/specs/openid-authentication-2_0.html#positive_assertions
>> )
>> you will get the param "openid.claimed_id", which contains the OpenID URL
>> that after this patch is unique per user
>>
>> regards
>>
>> 2015-04-16 4:44 GMT-03:00 Vladislav Kuzmin <vkuzmin at mirantis.com>:
>>
>> In this ticket https://storyboard.openstack.org/#!/story/2000239 only
>>> OpenID is mentioned. If I use OAuth2.0, how can I
>>> distinguish between users?
>>> I guess that User API
>>> http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html#user-api
>>> should provide an ID for each user.
>>>
>>> On Wed, Apr 15, 2015 at 9:17 PM, Sebastian Marcet <smarcet at gmail.com>
>>> wrote:
>>>
>>>> Hello!
>>>>
>>>> here is the ticket that we opened
>>>> https://storyboard.openstack.org/#!/story/2000239
>>>>
>>>> regards
>>>>
>>>> 2015-04-15 12:54 GMT-03:00 Jeremy Stanley <fungi at yuggoth.org>:
>>>>
>>>> On 2015-04-15 10:08:08 -0500 (-0500), Jimmy McArthur wrote:
>>>>> > Hello!  We are trying to open a ticket for this, but it looks like
>>>>> > Launchpad for OpenStackID isn't configured yet. Can you let us
>>>>> > know what we need to do to set that up?
>>>>> [...]
>>>>>
>>>>> Task tracking for all "openstack-infra" repos moved from Launchpad
>>>>> to Storyboard late last year once its development grew closer to
>>>>> general usability. Log in at https://storyboard.openstack.org/ and
>>>>> then add a story at https://storyboard.openstack.org/#!/project/728
>>>>> for the openstack-infra/openstackid repo (looks like there are none
>>>>> active for that Git repo currently).
>>>>> --
>>>>> Jeremy Stanley
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Ing. Sebastian Marcet
>>>>
>>>> SKYPE: sebastian.marcet
>>>>
>>>
>>>
>>
>>
>> --
>> Ing. Sebastian Marcet
>>
>> SKYPE: sebastian.marcet
>>
>
>


-- 
Ing. Sebastian Marcet

SKYPE: sebastian.marcet
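
The relying-party check behind the advice above, as an added example that is not part of the original message or of openstackid's code: it validates an OpenID 2.0 positive assertion and only then returns `openid.claimed_id` as the per-user key. The endpoints, MAC key and identifier are constructed; an HMAC-SHA256 association with the provider is assumed to exist already, and discovery on the claimed identifier is not shown.

```python
import base64, hashlib, hmac
from urllib.parse import urlencode, urlsplit, parse_qs

OPENID_NS = "http://specs.openid.net/auth/2.0"
# Fields that must be covered by openid.signed in a positive assertion.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce",
                   "assoc_handle", "claimed_id", "identity"}

def sign(fields, signed, mac_key):
    # Key-Value form: one "name:value\n" line per signed field, in list order.
    kv = "".join(f"{n}:{fields['openid.' + n]}\n" for n in signed)
    mac = hmac.new(mac_key, kv.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")

def verified_claimed_id(url, return_to, op_endpoint, mac_key, seen_nonces):
    """Return openid.claimed_id from a positive assertion, or raise ValueError."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if any(len(v) != 1 for v in query.values()):
        raise ValueError("duplicated parameter")
    f = {k: v[0] for k, v in query.items()}
    if f.get("openid.ns") != OPENID_NS or f.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = f.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED <= set(signed) or any("openid." + n not in f for n in signed):
        raise ValueError("required field missing or unsigned")
    if f["openid.return_to"] != return_to or f["openid.op_endpoint"] != op_endpoint:
        raise ValueError("assertion was issued for another endpoint")
    expected = sign(f, signed, mac_key).encode("ascii")
    if not hmac.compare_digest(expected, f.get("openid.sig", "").encode("utf-8")):
        raise ValueError("bad signature")
    if f["openid.response_nonce"] in seen_nonces:
        raise ValueError("replayed assertion")
    seen_nonces.add(f["openid.response_nonce"])
    return f["openid.claimed_id"]

# Constructed sample values (hypothetical relying party, provider and MAC key).
RETURN_TO = "https://app.example/openid/return"
OP = "https://op.example/accounts/openid2"
KEY = b"constructed-association-mac-key"

def sample_assertion(claimed_id="https://op.example/id/constructed-user"):
    f = {"openid.ns": OPENID_NS, "openid.mode": "id_res", "openid.op_endpoint": OP,
         "openid.claimed_id": claimed_id, "openid.identity": claimed_id,
         "openid.return_to": RETURN_TO, "openid.assoc_handle": "h1",
         "openid.response_nonce": "2015-04-16T13:03:44Zabc",
         "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"}
    f["openid.sig"] = sign(f, f["openid.signed"].split(","), KEY)
    return RETURN_TO + "?" + urlencode(f)
```

The returned identifier is what the application stores as the user key; an OAuth2 access token is requested afterwards only to read extra profile data.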