<div dir="ltr"><span style="color:rgb(80,0,80);font-size:12.8000001907349px">Vladislav  , oauth2 is not meant for authentication, is meant for authorization, if you use oauth2 for authentication, then you are introducing some security issues on your app</span><br><div><font color="#500050"><span style="font-size:12.8000001907349px"><a href="http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html">http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html</a></span></font><br></div><div><font color="#500050"><span style="font-size:12.8000001907349px"><br></span></font></div><div><font color="#500050"><span style="font-size:12.8000001907349px">if you want to authenticate your users in a safe way, you should use openid endpoint first, then the oauth2 proctected api to get additional user info, that is not provided by openid netiher its extensions (SREG/AX) by default</span></font></div><div><font color="#500050"><span style="font-size:12.8000001907349px"><br></span></font></div><div><font color="#500050"><span style="font-size:12.8000001907349px">regards</span></font></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-16 9:57 GMT-03:00 Vladislav Kuzmin <span dir="ltr"><<a href="mailto:vkuzmin@mirantis.com" target="_blank">vkuzmin@mirantis.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Sebastian, I've used only OAuth2.0 (not OpenID) for obtain an access_token and I've used this documentation <a href="http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/oauth2.html" target="_blank">http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/oauth2.html</a> . When I got the access_token, I called "OAuth 2.0 Rest API" for get info about the user <a href="http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html" target="_blank">http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html</a> . But "OAuth 2.0 Rest API" don't provide unique identifier for user.<br></div><span lang="en"><span>My main goal</span> <span>is to get</span> <span>a unique ID</span> <span>for a user that</span> <span>I can use</span> <span>in my application</span><span>.<br></span></span></div><span lang="en"><span>How I can get ID for user with OAuth2.0?<br></span></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 16, 2015 at 1:13 PM, Sebastian Marcet <span dir="ltr"><<a href="mailto:smarcet@gmail.com" target="_blank">smarcet@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Vladislav  in order to user oauth 2.0, i am assuming that you are doing first an openid request, on the openid response ( possitive assertion <a href="http://openid.net/specs/openid-authentication-2_0.html#positive_assertions" target="_blank">http://openid.net/specs/openid-authentication-2_0.html#positive_assertions</a>)<br><div>you will get param "<span style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">openid.claimed_id</span>", that one contains the openid url that after this patch is unique per user</div><div><br></div><div>regards</div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-16 4:44 GMT-03:00 Vladislav Kuzmin <span dir="ltr"><<a href="mailto:vkuzmin@mirantis.com" target="_blank">vkuzmin@mirantis.com</a>></span>:<div><div><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><div dir="ltr"><span lang="en"><span>In this</span> <span>ticket</span> <a href="https://storyboard.openstack.org/#%21/story/2000239" target="_blank"><span>https://storyboard.openstack.org/#!/story/2000239</span></a> <span>is mentioned</span> <span>only</span> <span>about</span> <span>OpenID.</span></span> If I will be use OAuth2.0, how I can distinguish between users? <br>I guess that User API <a href="http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html#user-api" target="_blank">http://docs-draft.openstack.org/99/165199/7/check/gate-openstackid-docs/8797c5d//doc/build/html/restapi/v1.html#user-api</a> should provide an ID for each user.</div></span><div class="gmail_extra"><br><div class="gmail_quote"><span>On Wed, Apr 15, 2015 at 9:17 PM, Sebastian Marcet <span dir="ltr"><<a href="mailto:smarcet@gmail.com" target="_blank">smarcet@gmail.com</a>></span> wrote:<br></span><div><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello!<div><br></div><div>here is the ticket that we opened <a href="https://storyboard.openstack.org/#!/story/2000239" target="_blank">https://storyboard.openstack.org/#!/story/2000239</a></div><div><br></div><div>regards</div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-15 12:54 GMT-03:00 Jeremy Stanley <span dir="ltr"><<a href="mailto:fungi@yuggoth.org" target="_blank">fungi@yuggoth.org</a>></span>:<div><div><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 2015-04-15 10:08:08 -0500 (-0500), Jimmy McArthur wrote:<br>
> Hello!  We are trying to open a ticket for this, but it looks like<br>
> Launchpad for OpenStackID isn't configured yet. Can you let us<br>
> know what we need to do to set that up?<br>
</span>[...]<br>
<br>
Task tracking for all "openstack-infra" repos moved from Launchpad<br>
to Storyboard late last year once its development grew closer to<br>
general usability. Log in at <a href="https://storyboard.openstack.org/" target="_blank">https://storyboard.openstack.org/</a> and<br>
then add a story at <a href="https://storyboard.openstack.org/#!/project/728" target="_blank">https://storyboard.openstack.org/#!/project/728</a><br>
for the openstack-infra/openstackid repo (looks like there are none<br>
active for that Git repo currently).<br>
<span><font color="#888888">--<br>
Jeremy Stanley<br>
</font></span></blockquote></div></div></div><span><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr">Ing. Sebastian Marcet<br><br>SKYPE: sebastian.marcet</div></div>
</font></span></div>
</blockquote></div></div></div><br></div>
</blockquote></div></div></div><div><div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr">Ing. Sebastian Marcet<br><br>SKYPE: sebastian.marcet</div></div>
</div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Ing. Sebastian Marcet<br><br>SKYPE: sebastian.marcet</div></div>
</div>