PS: I understand the concept of OpenID authentication and Oauth authorization (I think). And I use facebook as an example of Oauth
The trend for websites was that you sign up for login with facebook, but during the sign-up process (after getting permission and member information from your facebook account) they still ask you to choose a username and password, which creates a local user and "connects" this user with a facebook account.
But now I noticed that during the registration process for websites like buzzfeed and even stackoverflow, they seem to do full authentication with facebook. You grant website permission for your facebook account and you are now logged in (as a user on facebook)
update (authorization for authentication has been fixed): Does this mean that the facebook connection now performs "authentication"? and does this mean that users are no longer stored locally?
source
share