Thursday, July 11, 2019

Today I mainly continued working on #3110. See Friday, July 12, 2019.

About OpenID & Co.

I saw Cheat sheet: Getting started with Raspberry Pi and wanted to download the document. They want to know who I am. Okay, why not. But I’d like to use OpenID to tell them who I am. Because I want to learn. Here are my reading notes.

OpenID

A series of technologies provided by the OpenID Foundation.

OpenID Foundation

The OpenID Foundation (OIDF) “promotes, protects and nurtures the OpenID community and technologies.”

They don’t provide themselves OpenID servers, they maintain a list of providers. Google and Microsoft are among the providers.

OpenID Connect

An interoperable authentication protocol based on the OAuth 2.0 family of specifications.

It is the successor for the deprecated OpenID 2.0. It is easier to integrate than its predecessors.

It uses straightforward REST/JSON message flows.

It allows clients to verify the identity of an end user based on the authentication performed by an authorization server. It also provides basic profile information about the end user using a REST API.

Final specifications were launched in February 2014. The certification program was launched in April 2015. Google, Microsoft and others were the first to self-certify conformance.

OAuth 2.0

An authorization framework (not an authentication protocol).

Google’s OAuth 2.0 implementation for authentication is OpenID Certified and conforms to the OpenID Connect specification.

Okay, Google knows me, and they do OpenID Connect, so it should work.

On the opensource.com site I select “Log in using OpenID” and type my google.com email address. But they say “Sorry, that is not a valid OpenID. Ensure you have spelled your ID correctly.”

Something is missing.

How does Google implement OpenID Connect? The OpenID Connect page (developers.google.com) doesn’t help me, it is meant for the developers at opensource.com.

In the Google API console at https://console.developers.google.com I had already previously two projects “Lino team*” and “quickstart”.

The IBM Knowledge Center explains that I must enable another API in my Google console, the “Identity Toolkit API” (“lets you use open standards to verify a user’s identity.”).

That sounds right. Enable. Try again to get my cheat sheet. Nope.

So I am locked and should ask somebody to help me get out of here. Enough for this time.

Sources: