Confirmed users
134
edits
Identity/Profile/Proposal: Difference between revisions
Jump to navigation
Jump to search
→Comparisons
Stomlinson (talk | contribs) |
Stomlinson (talk | contribs) |
||
| Line 26: | Line 26: | ||
== Comparisons == | == Comparisons == | ||
Facebook Connect and OAuth | Facebook Connect[1] and OAuth[2] are two similar projects with similar aims. Facebook Connect is based on OAuth2. While many sites such as Twitter use OAuth for authentication, it's original purpose is authorization. | ||
OAuth enabled sites request authorization to access individual protected resources. When a site requests an OAuth token, each protected resources is explicitly requested using a "scope" parameter [3]. Users are informed of each permission being requested when users are presented with the OAuth dialog - this allows a user to make a decision as to whether they trust a site enough to provide them with personal information. | |||
While Facebook uses OAuth2 as its base protocol, it takes a somewhat relaxed approach to the base level of data that is given to a site without asking for permission. "By default, we give you access to the user's name, picture and any other data they have shared with everyone on Facebook." Additional sites must be requested explicitly [4] | |||
A Facebook Connect enabled site or app will receive the following fields without explicitly requesting additional permission: | |||
id, name, first_name, middle_name, last_name, gender, locale, link (profile URL), username, cover (photo) | |||
Persona would operate in a similar fashion. Name and photo may be given by default, additional fields must be explicitly requested. | |||
OAuth suffers from an all or nothing approach to authorization. A user is unable to approve only a subset of the requested data. | |||
# - Facebook Connect - https://developers.facebook.com/docs/guides/web/#login | |||
# - OAuth2 Spec - http://tools.ietf.org/html/draft-ietf-oauth-v2-26 | |||
# - OAuth2 Spec, Scope Section - http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-3.3 | |||
# - Facebook Connect User Object - https://developers.facebook.com/docs/reference/api/user/ | |||
== User Data == | == User Data == | ||