OpenID and OAuth: What's the difference?

I’m currently in the middle of upgrading ConceptHQ Accounts to accept a small subset of third-party identity providers: Microsoft Account (previously Windows Live ID), Google, Facebook, and Twitter. However, they all have slightly different ways of allowing you to authenticate users with them.

Facebook: OAuth 2.0
Twitter: OAuth 1.0A
Microsoft Account: OAuth 2.0
Google: OpenID

Google is the only IdP there that supports OpenID; however, they are actively encouraging developers to move towards using “Google+ Sign-in”, which is an OAuth provider. [Read More]

The problem with absolute token expiration in Windows Identity Foundation (WIF)

The problem

While developing CronHQ we initially had problems with our Facebook integration. Rule #6 of the Facebook guidelines requires us to provide an explicit logout link.

6. Your website must offer an explicit “Log Out” option that also logs the user out of Facebook

However, Azure ACS 2.0 doesn’t really support single sign out, making the requirement a little harder to meet. This isn’t just Facebook being difficult; it makes sense to enforce this on every identity provider that we federate with. [Read More]

Single sign out with Azure ACS

The problem

While developing CronHQ we initially had problems with our Facebook integration. Rule #6 of the Facebook guidelines requires us to provide an explicit logout link.

6. Your website must offer an explicit “Log Out” option that also logs the user out of Facebook

However, Azure ACS 2.0 doesn’t really support single sign out, making the requirement a little harder to meet. This isn’t just Facebook being difficult; it makes sense to enforce this on every identity provider that we federate with. [Read More]