But no matter what, even with oAuth I will need to log in using a web browser at some point in order to get that key/secret combination, won't i? Unless there are providers that offer programmatic log in?
Yes, this is sort of the idea - your RP will use a server plugin that lets it act like a web browser to contact the OP (but only for discovery; login itself still has to take place with the user delivering authentication payloads).
-Shade _______________________________________________ security mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-security
