<html><head>

<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">

</head><body bgcolor="#FFFFFF" text="#000000">Vlad,<br>

<br>

The relevant information is documented here: 

<a class="moz-txt-link-freetext" href="http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/openid.html#openid-2-0-request-authentication-response">http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/openid.html#openid-2-0-request-authentication-response</a><br>

<br>

You must first make the OpenID request in order to get the correct 

identifier. As Sebastian mentioned, oAuth should not be used for 

authentication.  If there are additional questions on this, please let 

us know.<br>

<br>

<span>-- <br><span><div style="color: rgb(136, 136, 136); margin-right: 

24px;" __pbrmquotes="true" class="__pbConvBody"><span style="color: 

rgb(0, 0, 0);">Jimmy McArthur</span><div><br>

</div>

</div>  

  </span></span><br>

<br>

<br>

<br>

<br>

Sebastian Marcet wrote:

<blockquote 

cite="mid:CAMiLqoSmJXMqg7FUd8Hu-PZS9DnrAygX3eJn89qqqjG1Ccy8QA@mail.gmail.com"

 type="cite">

  <div dir="ltr"><span 

style="color:rgb(80,0,80);font-size:12.8000001907349px">Vladislav  , 

oauth2 is not meant for authentication, is meant for authorization, if 

you use oauth2 for authentication, then you are introducing some 

security issues on your app</span><br><div><font color="#500050"><span 

style="font-size:12.8000001907349px"><a moz-do-not-send="true" 

href="http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html">http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html</a></span></font><br></div><div><font

 color="#500050"><span style="font-size:12.8000001907349px"><br></span></font></div><div><font

 color="#500050"><span style="font-size:12.8000001907349px">if you want 

to authenticate your users in a safe way, you should use openid endpoint

 first, then the oauth2 proctected api to get additional user info, that

 is not provided by openid netiher its extensions (SREG/AX) by default</span></font></div><div><font

 color="#500050"><span style="font-size:12.8000001907349px"><br></span></font></div><div><font

 color="#500050"><span style="font-size:12.8000001907349px">regards</span></font></div></div>

  <div class="gmail_extra"><br><div class="gmail_quote">2015-04-16 9:57 

GMT-03:00 Vladislav Kuzmin <span dir="ltr"><<a moz-do-not-send="true"

 href="mailto:vkuzmin@mirantis.com" target="_blank">vkuzmin@mirantis.com</a>></span>:<br><blockquote

 class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc 

solid;padding-left:1ex"><div dir="ltr"><div><div>Sebastian, I've used 

only OAuth2.0 (not OpenID) for obtain an access_token and I've used this

 documentation <a moz-do-not-send="true" 

href="http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/oauth2.html"

 target="_blank">http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/oauth2.html</a>

 . When I got the access_token, I called "OAuth 2.0 Rest API" for get 

info about the user <a moz-do-not-send="true" 

href="http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html"

 target="_blank">http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html</a>

 . But "OAuth 2.0 Rest API" don't provide unique identifier for user.<br></div><span

 lang="en"><span>My main goal</span> <span>is to get</span> <span>a 

unique ID</span> <span>for a user that</span> <span>I can use</span> <span>in

 my application</span><span>.<br></span></span></div><span lang="en"><span>How

 I can get ID for user with OAuth2.0?<br></span></span></div><div 

class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div 

class="gmail_quote">On Thu, Apr 16, 2015 at 1:13 PM, Sebastian Marcet <span

 dir="ltr"><<a moz-do-not-send="true" href="mailto:smarcet@gmail.com"

 target="_blank">smarcet@gmail.com</a>></span> wrote:<br><blockquote 

class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc 

solid;padding-left:1ex"><div dir="ltr">Vladislav  in order to user oauth

 2.0, i am assuming that you are doing first an openid request, on the 

openid response ( possitive assertion <a moz-do-not-send="true" 

href="http://openid.net/specs/openid-authentication-2_0.html#positive_assertions"

 target="_blank">http://openid.net/specs/openid-authentication-2_0.html#positive_assertions</a>)<br><div>you

 will get param "<span 

style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">openid.claimed_id</span>",

 that one contains the openid url that after this patch is unique per 

user</div><div><br></div><div>regards</div></div><div 

class="gmail_extra"><br><div class="gmail_quote">2015-04-16 4:44 

GMT-03:00 Vladislav Kuzmin <span dir="ltr"><<a moz-do-not-send="true"

 href="mailto:vkuzmin@mirantis.com" target="_blank">vkuzmin@mirantis.com</a>></span>:<div><div><br><blockquote

 class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc 

solid;padding-left:1ex"><span><div dir="ltr"><span lang="en"><span>In 

this</span> <span>ticket</span> <a moz-do-not-send="true" 

href="https://storyboard.openstack.org/#%21/story/2000239" 

target="_blank"><span>https://storyboard.openstack.org/#!/story/2000239</span></a>

 <span>is mentioned</span> <span>only</span> <span>about</span> <span>OpenID.</span></span>

 If I will be use OAuth2.0, how I can distinguish between users? <br>I 

guess that User API <a moz-do-not-send="true" 

href="http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html#user-api"

 target="_blank">http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html#user-api</a>

 should provide an ID for each user.</div></span><div 

class="gmail_extra"><br><div class="gmail_quote"><span>On Wed, Apr 15, 

2015 at 9:17 PM, Sebastian Marcet <span dir="ltr"><<a 

moz-do-not-send="true" href="mailto:smarcet@gmail.com" target="_blank">smarcet@gmail.com</a>></span>

 wrote:<br></span><div><div><blockquote class="gmail_quote" 

style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div

 dir="ltr">Hello!<div><br></div><div>here is the ticket that we opened <a

 moz-do-not-send="true" 

href="https://storyboard.openstack.org/#%21/story/2000239" 

target="_blank">https://storyboard.openstack.org/#!/story/2000239</a></div><div><br></div><div>regards</div></div><div

 class="gmail_extra"><br><div class="gmail_quote">2015-04-15 12:54 

GMT-03:00 Jeremy Stanley <span dir="ltr"><<a moz-do-not-send="true" 

href="mailto:fungi@yuggoth.org" target="_blank">fungi@yuggoth.org</a>></span>:<div><div><br><blockquote

 class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc 

solid;padding-left:1ex"><span>On 2015-04-15 10:08:08 -0500 (-0500), 

Jimmy McArthur wrote:<br>

> Hello!  We are trying to open a ticket for this, but it looks like<br>

> Launchpad for OpenStackID isn't configured yet. Can you let us<br>

> know what we need to do to set that up?<br>

</span>[...]<br>

<br>

Task tracking for all "openstack-infra" repos moved from Launchpad<br>

to Storyboard late last year once its development grew closer to<br>

general usability. Log in at <a moz-do-not-send="true" 

href="https://storyboard.openstack.org/" target="_blank">https://storyboard.openstack.org/</a>

 and<br>

then add a story at <a moz-do-not-send="true" 

href="https://storyboard.openstack.org/#%21/project/728" target="_blank">https://storyboard.openstack.org/#!/project/728</a><br>

for the openstack-infra/openstackid repo (looks like there are none<br>

active for that Git repo currently).<br>

<span><font color="#888888">--<br>

Jeremy Stanley<br>

</font></span></blockquote></div></div></div><span><font color="#888888"><br><br

 clear="all"><div><br></div>-- <br><div><div dir="ltr">Ing. Sebastian 

Marcet<br><br>SKYPE: sebastian.marcet</div></div>

</font></span></div></blockquote></div></div></div><br></div></blockquote></div></div></div><div><div><br><br

 clear="all"><div><br></div>-- <br><div><div dir="ltr">Ing. Sebastian 

Marcet<br><br>SKYPE: sebastian.marcet</div></div>

</div></div></div></blockquote></div><br></div>

</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div

 class="gmail_signature"><div dir="ltr">Ing. Sebastian Marcet<br><br>SKYPE:

 sebastian.marcet</div></div>

  </div>

</blockquote>

<br>

<div class="moz-signature"><span><br>

</span><br>

</div>

</body></html>