Setting StackOverflow like Permissions in Yahoo OAuth - oauth

I could connect to the Yahoo OAuth from my website.
But I don't know how to access just the email and username of the end user.
Just like what Stack Overflow does when allowing logging in using Yahoo.
Which Yahoo OAuth Permissions (Scopes) does that?

AFAIK, Stack Overflow uses OpenID for the login, not OAuth.
To get the email and name of the user from the OpenID Identity Provider (Yahoo in this case), there are two possible mechanisms:
Simple Registration
Attribute Exchange
By looking at the redirection URL, it seems that, with Yahoo at least, Stack Overflow uses Attribute Exchange and requests these attributes:
http://schema.openid.net/namePerson
http://schema.openid.net/contact/email
http://axschema.org/namePerson
http://axschema.org/contact/email
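As an added example (not code from the answer above), here is a minimal relying-party sketch in Python: it builds the checkid_setup redirect that asks for those four attribute types via an AX fetch_request, and reads the name and email back out of the positive assertion whichever AX alias the provider chose, ignoring any attribute the provider did not include in openid.signed. The OP endpoint, return_to and realm values are assumptions.

```python
from urllib.parse import parse_qs, urlencode, urlparse

OPENID_NS = "http://specs.openid.net/auth/2.0"
AX_NS = "http://openid.net/srv/ax/1.0"
SELECT = "http://specs.openid.net/auth/2.0/identifier_select"
# The four attribute types seen in Stack Overflow's redirect (alias -> type URI).
AX_TYPES = {"name": "http://axschema.org/namePerson",
            "email": "http://axschema.org/contact/email",
            "name_old": "http://schema.openid.net/namePerson",
            "email_old": "http://schema.openid.net/contact/email"}

def build_checkid_setup(op_endpoint, return_to, realm):
    """checkid_setup redirect URL carrying an AX fetch_request for AX_TYPES."""
    params = {"openid.ns": OPENID_NS, "openid.mode": "checkid_setup",
              "openid.claimed_id": SELECT, "openid.identity": SELECT,
              "openid.return_to": return_to, "openid.realm": realm,
              "openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_request",
              "openid.ax.required": ",".join(AX_TYPES)}
    for alias, type_uri in AX_TYPES.items():
        params[f"openid.ax.type.{alias}"] = type_uri
    return op_endpoint + "?" + urlencode(params)

def extract_ax(response_url):
    """Name/email from a positive assertion, whichever AX alias the OP chose.
    Only fields listed in openid.signed count: an unsigned AX value could be
    altered in transit. Verify openid.sig before trusting the result."""
    flat = {k: v[0] for k, v in parse_qs(urlparse(response_url).query).items()}
    if flat.get("openid.mode") != "id_res":
        return {}
    ax = next((k[len("openid.ns."):] for k, v in flat.items()
               if k.startswith("openid.ns.") and v == AX_NS), None)
    if ax is None:
        return {}
    signed = set(flat.get("openid.signed", "").split(","))
    found = {}
    for key, type_uri in flat.items():
        if not key.startswith(f"openid.{ax}.type."):
            continue
        alias = key.rsplit(".", 1)[1]
        if type_uri.endswith("/contact/email"):
            want = "email"
        elif type_uri.endswith("/namePerson"):
            want = "name"
        else:
            continue
        value = flat.get(f"openid.{ax}.value.{alias}")
        if value is not None and f"{ax}.value.{alias}" in signed:  # skip unsigned
            found.setdefault(want, value)
    return found
```

The signature itself still has to be checked (via the association or check_authentication) before anything returned here is trusted; this code only filters out attributes the provider did not cover with its signature.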

Related

OAuth with StackExchange API

I'm trying to authenticate my user on my site using StackExchange OAuth API.
Everything works fine when the user signs up for the first time. At this point, I get the "access token", which I save in my DB.
But the next time the user signs in, access token value is actually different to the previous one. Is it supposed to be like this?
If then, how do I check for existing users who already have signed up using StackExchange?
I can get the user's information by giving a specific site name (e.g. 'stackoverflow'). But what if I don't have that information and I need to check that the user has already signed in via StackExchange?
Is there a "user" information that I can get given an accessToken?
The StackExchange OAuth implementation is not meant to authenticate users to 3rd party applications but instead it is about authorizing those 3rd party applications to get access to the StackExchange API.
The access token that you get is not a token that represents a currently logged-in user; it represents the permission to access the API on behalf of the user who gave it to your application. This is the classical confusion about the scope of OAuth 2.0 which is discussed in detail here: http://oauth.net/articles/authentication/.
In summary: you can't use OAuth or the StackExchange access token to authenticate users.
StackExchange does support the OpenID protocol to facilitate the purpose that you are looking for, see https://openid.stackexchange.com/. The downside of that is that OpenID is a deprecated protocol, superseded by OpenID Connect. OpenID Connect is an authentication protocol that is actually built on top of OAuth 2.0, but is not yet supported by StackExchange.

What are the end points to get the emailId using oauth for the google, yahoo, twitter service providers?

I am using a Google App Engine Java web application. I'm trying to put OpenID authentication within my project. I am using scribe to make this happen. I am able to get the Access Token from the Google, Yahoo and Twitter service providers.
After getting the Access Token, I need to get the currently logged-in user email address. I'm using OAuth2.0 for google, OAuth1.0a for yahoo and twitter.
Any suggestions would be appreciated.
Google :
https://www.googleapis.com/oauth2/v3/userinfo?access_token={0}
Twitter :
Twitter does not expose an endpoint that provides the user's email address. Not even the profile endpoint. Below is an extract from Twitter's FAQ page...
If you'd like a user's email address, you'll need to ask a user for it within the confines of your own application and service. The Twitter API does not provide the user's email address as part of the OAuth token negotiation process nor does it offer other means to obtain it.
Yahoo :
I don't think it exposes the user's email address either. Yet, the endpoint to retrieve the user's profile is...
http://social.yahooapis.com/v1/user/{guid}/profile
You can find more info here. http://developer.yahoo.com/social/rest_api_guide/extended-profile-resource.html

Can you get a user's email with just OpenID?

I'm trying to wrap my head around OpenID and OAuth.
From what I understand, OpenID only says that you are a user of the OpenID provider.
So if I log into a site using an OpenID, all it will return is "yes, this person is a user of X site."
If I want to retrieve a user's email address, I would need an authorization as well, which is where OAuth comes in.
All that being said, does this imply that if an OpenID username is an email address, there is no way to retrieve that information without OAuth as well?
Here's a good post about OpenID vs OAuth.
From what I understand, OpenID only says that you are a user of the OpenID provider. So if I log into a site using an OpenID, all it will return is "yes, this person is a user of X site."
It depends on who you're using as an OpenID provider and whether they support Attribute Exchange, which allows a relying party to ask for additional attributes about a user (e.g. their email). Here's a SO question asking about Google/Yahoo supported Attribute Exchange values.
All that being said, does this imply that if an OpenID username is an email address, there is no way to retrieve that information without OAuth as well?
Again, it depends on who you're using for OpenID/OAuth (and possibly which version of each protocol too). OpenID providers don't necessarily have to use emails as usernames, and it's possible for a provider to provide email in both their OpenID and OAuth implementations. For example, Google allows retrieval of the email address via OAuth2 in addition to providing email in its OpenID Attribute Exchange.

Trouble with Yahoo OAuth Authorization with Google / Facebook OpenID

I'm having a bit of trouble figuring out how to get an OAuth access token for a Yahoo user who has created an account with Google or Facebook Sign-in. I've followed the OAuth flow described in the documentation; however, this seems to only apply to users who have created a Yahoo account directly.
Has anyone else had trouble getting an access token for a user who has used Google or Facebook to sign into Yahoo?
I've looked at the OAuth + OpenID flow but I'm having trouble at the point where I should perform discovery. How would one receive a request_token for Yahoo with a user who signs in via a Google OpenID?
Anyone else experienced this issue?
The only way I can see this happening is if Yahoo at some point allows Facebook and Google authentication in the OAuth authorization step. That would at least be the simplest way forward for an API consumer application.
The OAuth + OpenID flow will not help you I am afraid, it only works for Yahoo OpenIDs. I guess it could at least theoretically work for Google OpenIDs (if Yahoo implemented that), but Facebook is not even an OpenID provider.
I think Yahoo's stance on this is sound. They provide API access to users that they themselves have provisioned. I don't think you will find many API providers out there who will have a different strategy.

Google Openid authentication and identification of Domain Admin

I have implemented Google OpenID authentication for my web application (Ruby on Rails). Now, once authenticated, how am I supposed to get the status of that particular user, like whether the user which has been authenticated is a domain admin or not? I have googled it a bit and came up with the Google Provisioning API and the ClientLogin authentication process.... but in the case of ClientLogin authentication one has to provide username#domain.com plus the password in the function...
In all, I want to know: is there a way to know whether a person authenticated by OpenID is a domain owner or not??
According to the OpenID specs, these are the attributes you can retrieve from your OpenID provider (e.g. Google).
http://www.axschema.org/types/