[OpenStack-Infra] A problem with unique identifier on openstackid.org

Jimmy Mcarthur jimmy at tipit.net
Thu Apr 16 14:25:06 UTC 2015


Vlad,

The relevant information is documented here: 
http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/openid.html#openid-2-0-request-authentication-response

You must first make the OpenID request in order to get the correct 
identifier. As Sebastian mentioned, OAuth should not be used for 
authentication. If there are additional questions on this, please let 
us know.

-- 
Jimmy McArthur

Sebastian Marcet wrote:
> Vladislav, oauth2 is not meant for authentication, it is meant for 
> authorization; if you use oauth2 for authentication, then you are 
> introducing some security issues on your app
> http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html
>
> if you want to authenticate your users in a safe way, you should use 
> the openid endpoint first, then the oauth2 protected api to get 
> additional user info that is not provided by openid nor its 
> extensions (SREG/AX) by default
>
> regards
>
> 2015-04-16 9:57 GMT-03:00 Vladislav Kuzmin <vkuzmin at mirantis.com>:
>
>     Sebastian, I've used only OAuth2.0 (not OpenID) to obtain an
>     access_token and I've used this documentation
>     http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/oauth2.html
>     . When I got the access_token, I called the "OAuth 2.0 Rest API" to
>     get info about the user
>     http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html
>     . But the "OAuth 2.0 Rest API" doesn't provide a unique identifier for
>     the user.
>     My main goal is to get a unique ID for a user that I can use in my
>     application.
>     How can I get an ID for a user with OAuth2.0?
>
>     On Thu, Apr 16, 2015 at 1:13 PM, Sebastian Marcet
>     <smarcet at gmail.com> wrote:
>
>         Vladislav, in order to use oauth 2.0, i am assuming that you
>         are doing first an openid request; on the openid response
>         (positive assertion
>         http://openid.net/specs/openid-authentication-2_0.html#positive_assertions)
>         you will get param "openid.claimed_id", that one contains the
>         openid url that after this patch is unique per user
>
>         regards
>
>         2015-04-16 4:44 GMT-03:00 Vladislav Kuzmin
>         <vkuzmin at mirantis.com>:
>
>             In this ticket
>             https://storyboard.openstack.org/#!/story/2000239
>             only OpenID is mentioned. If I use OAuth2.0,
>             how can I distinguish between users?
>             I guess that the User API
>             http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html#user-api
>             should provide an ID for each user.
>
>             On Wed, Apr 15, 2015 at 9:17 PM, Sebastian Marcet
>             <smarcet at gmail.com> wrote:
>
>                 Hello!
>
>                 here is the ticket that we opened
>                 https://storyboard.openstack.org/#!/story/2000239
>
>                 regards
>
>                 2015-04-15 12:54 GMT-03:00 Jeremy Stanley
>                 <fungi at yuggoth.org>:
>
>                     On 2015-04-15 10:08:08 -0500 (-0500), Jimmy McArthur wrote:
>                     > Hello!  We are trying to open a ticket for this, but it looks like
>                     > Launchpad for OpenStackID isn't configured yet. Can you let us
>                     > know what we need to do to set that up?
>                     [...]
>
>                     Task tracking for all "openstack-infra" repos moved from Launchpad
>                     to Storyboard late last year once its development grew closer to
>                     general usability. Log in at https://storyboard.openstack.org/ and
>                     then add a story at https://storyboard.openstack.org/#!/project/728
>                     for the openstack-infra/openstackid repo (looks like there are none
>                     active for that Git repo currently).
>                     --
>                     Jeremy Stanley
>
>
>
>
>                 -- 
>                 Ing. Sebastian Marcet
>
>                 SKYPE: sebastian.marcet
>
>
>
>
>
>         -- 
>         Ing. Sebastian Marcet
>
>         SKYPE: sebastian.marcet
>
>
>
>
>
> -- 
> Ing. Sebastian Marcet
>
> SKYPE: sebastian.marcet
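
An added example, not part of this thread or of the openstackid code base: a relying-party check that hands back `openid.claimed_id` as the per-user key only after the OpenID 2.0 positive assertion's signature, `return_to`, provider endpoint and nonce have been verified. The host names, the association and its MAC key, `ID_PREFIX` and the function names are constructed assumptions; the HMAC-SHA256 over the key-value form of the signed fields follows OpenID Authentication 2.0.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed configuration (hypothetical names): one trusted provider and an
# association whose MAC key the relying party already holds.
RETURN_TO = "https://rp.example/openid/return"
OP_ENDPOINT = "https://op.example/accounts/openid2"
ID_PREFIX = "https://op.example/id/"        # namespace of provider-issued IDs
ASSOC = {"handle": "assoc-1", "mac_key": b"constructed-demo-mac-key"}
REQUIRED = ["op_endpoint", "return_to", "response_nonce", "assoc_handle",
            "claimed_id", "identity"]

def kv_sign(fields, signed, mac_key):
    """Base64 HMAC-SHA256 over the OpenID 2.0 key-value form of signed fields."""
    kv = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def constructed_assertion(claimed_id, nonce, mac_key=ASSOC["mac_key"]):
    """Build a sample return_to URL the way a provider would (test input)."""
    f = {"openid.mode": "id_res", "openid.op_endpoint": OP_ENDPOINT,
         "openid.return_to": RETURN_TO, "openid.response_nonce": nonce,
         "openid.assoc_handle": ASSOC["handle"],
         "openid.claimed_id": claimed_id, "openid.identity": claimed_id,
         "openid.signed": ",".join(REQUIRED)}
    f["openid.sig"] = kv_sign(f, REQUIRED, mac_key)
    return RETURN_TO + "?" + urlencode(f)

def verified_claimed_id(url, seen_nonces):
    """Return openid.claimed_id only after the assertion passes every check."""
    f = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    signed = f.get("openid.signed", "").split(",")
    if f.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    if not set(REQUIRED) <= set(signed) or any("openid." + k not in f for k in signed):
        raise ValueError("a required field is missing or unsigned")
    if (f["openid.return_to"], f["openid.op_endpoint"],
            f["openid.assoc_handle"]) != (RETURN_TO, OP_ENDPOINT, ASSOC["handle"]):
        raise ValueError("assertion is not for this RP/provider/association")
    sig = kv_sign(f, signed, ASSOC["mac_key"]).encode()
    if not hmac.compare_digest(sig, f.get("openid.sig", "").encode()):
        raise ValueError("bad signature")
    if not f["openid.claimed_id"].startswith(ID_PREFIX):
        raise ValueError("claimed_id is outside the provider's namespace")
    if f["openid.response_nonce"] in seen_nonces:
        raise ValueError("replayed assertion")
    seen_nonces.add(f["openid.response_nonce"])
    return f["openid.claimed_id"]
```

The returned URL is what the application stores as the user's key; any profile data fetched afterwards over the OAuth2-protected API is attached to that key rather than used to identify the user.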


