Identifying Your Users

In the olden days (just five years ago in Web terms), Web sites often had a registration form that each user had to fill out before she could get started on that Web site. That user would have to reenter her name, address, and other types of profile information for each Web site visited. This was a painful process, so much so that many browsers began to store some of this information and autopopulate forms for the user as she surfed the Web.

As the Web evolved, sites like Facebook began to provide application programming interfaces (APIs) and other means to allow Web sites to access this data on behalf of the user. Protocols such as OpenID and OAuth came about, and very quickly it became much less necessary for Web sites to require users to reenter their information on every Web site they visited.

OpenID is a way for developers and Web sites to identify their users, without users ever having to store their information on the Web site that they're logging in to. At a raw level, users can enter a Web site, such as Gmail.com, and they'll automatically be redirected to Google to authenticate with their Google username and password. Google then redirects them to your site with some basic information about the users.

Whereas OpenID is about authenticating users, OAuth is about authorizing users. Many sites have moved from a model of just authenticating ...
