Let’s take a look at the flow that makes up the OpenID OAuth hybrid extension. By breaking down the different exchanges that take place in this overall flow, we will be able to see how the individual OpenID and OAuth processes combine to generate this model.
As with the separate OpenID and OAuth flows, there are three participants in the OpenID OAuth hybrid flow that we will be working with and describing throughout this chapter:
User: This is the end user who is attempting to sign in to a site or service using one of the OpenID providers and allow the application to access and/or set his personal information on his behalf.
Relying party: This is the hybrid auth consumer site that implements the OpenID login to the provider in order to allow a user to authenticate his account, and the OAuth authorization to access and set additional information for that user.
OpenID provider: This is the site or service that contains the membership database that the relying party will authenticate against to log in and authorize the user to access and set his personal information.
Now that we’re reacquainted with the players in this exchange, let’s start our hybrid auth overview by looking at the first two steps of the process, which mirror our initial OpenID steps from Chapter 11.