We saw in Chapter 11 how OpenID works in a simple end-to-end example, so in this chapter let’s take that example further and see how OpenID works in conjunction with OAuth to perform a standard task: using a provider such as Yahoo! to capture an end user’s full profile.
We’ve already seen how we can capture a user’s simple profile data using standard OpenID with the Simple Registration and Attribute Exchange extensions, but tacking on OAuth to the process will allow us to capture much more data than we can through OpenID alone. In this implementation example, we’ll apply these two technologies as follows:
OpenID authentication will allow our end users to sign in through different providers.
OAuth 1.0A authorization will enable us to capture or set any private user information that we may need in our application.
For this example, we’ll cut out two of the OpenID extensions (Simple Registration and PAPE) that we used in our straight OpenID example in Chapter 11.