O'Reilly logo

Programming Social Applications by Jonathan LeBlanc

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The OpenID OAuth Hybrid Auth Flow

Let’s take a look at the flow that makes up the OpenID OAuth hybrid extension. By breaking down the different exchanges that take place in this overall flow, we will be able to see how the individual OpenID and OAuth processes combine to generate this model.

As with the separate OpenID and OAuth flows, there are three participants in the OpenID OAuth hybrid flow that we will be working with and describing throughout this chapter:

The user

This is the end user who is attempting to sign in to a site or service using one of the OpenID providers and allow the application to access and/or set his personal information on his behalf.

The relaying party

This is the hybrid auth consumer site that implements the OpenID login to the provider in order to allow a user to authenticate his account, and the OAuth authorization to access and set additional information for that user.

The hybrid auth provider

This is the site or service that contains the membership database that the relaying party will authenticate against to log in and authorize the user to access and set his personal information.

Now that we’re reacquainted with the players in this exchange, let’s start our hybrid auth overview by looking at the first two steps of the process, which mirror our initial OpenID steps from Chapter 11.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required