OAuth can be used as a bastardized mechanism to do SSO, but it's not really recommended.
OAuth only provides you with tokens, which could later be revoked, effectively destroying the identity that you're relying on. OpenID is the preferred way to achieve SSO because it provides you with a stable, reusable identifier. Twitter uses OAuth for SSO, but it's really kind of a mis-use of the technology, although in practice it kind of solves the problem. Essentially OpenID provides you with identity; OAuth provides you authorization to do things on behalf of a user. Since you're doing something on behalf of a user, you get a kind of temporary identity to do stuff but it's much more fragile than OpenID. Why don't you want to do OpenID? Chris On Fri, Mar 26, 2010 at 10:21 AM, Adam <apcau...@gmail.com> wrote: > We currently use CAS for SSO. I'd like to have SSO into gmail, but do > not want to switch to OpenID. Is it possible to use OAuth to login > users into their gmail accounts? Or is OAuth only meant to retrieve > user data? > > I am currently using SignPost to connect to OAuth... if it matters. > > Thanks. > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to oa...@googlegroups.com. > To unsubscribe from this group, send email to > oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > -- Chris Messina Open Web Advocate, Google Personal: http://factoryjoe.com Follow me on Buzz: http://buzz.google.com/chrismessina ...or Twitter: http://twitter.com/chrismessina This email is: [ ] shareable [X] ask first [ ] private -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
