NationStates OAuth (or similiar service?)

[Afforess]

Just a crazy idea, I'd love to set up regional forums or other websites that could directly integrate with player's NationStates identity, instead of having them create yet another duplicate account. OAuth seems the obvious choice, but anything that worked similarly would be fine too.

Any ideas if this is already possible, or considered?

[Vladisvok Destino]

[Violet] did briefly cover the point of OAuth here and here.

[Afforess]

[Violet] did briefly cover the point of OAuth here and here.

Interesting find. Any idea if any progress was made, or is it still in the concept phase?

[SalusaSecondus]

While we do not (currently) support OAuth, we do support OpenID which may do what you want. Take a look at the bottom of your nation's settings page.

[Afforess]

While we do not (currently) support OAuth, we do support OpenID which may do what you want. Take a look at the bottom of your nation's settings page.

Hm, just OpenID delegation it seems, and it requires effort on the part of the user (bad!). Am I wrong in this assessment?

[SalusaSecondus]

While we do not (currently) support OAuth, we do support OpenID which may do what you want. Take a look at the bottom of your nation's settings page.

Hm, just OpenID delegation it seems, and it requires effort on the part of the user (bad!). Am I wrong in this assessment?

That is correct, however there are many providers out there which people already have including Google, LiveJournal, Yahoo!, and others. As there has been no significant call for any authentication functionality, we're sticking with the simplest solution for now.

[Laevendell]

I'm new to OpenID, but if a user enters their server and delegate information in the settings page, does that mean they'd then be able to log in to another website using the OpenID "www.nationstates.net/nation=Laevendell" (in my case) or would the OpenID be something else (or have I quite misunderstood how the delegation works)?
If my assumptions are correct, does that mean that page (www.nationstates.net/nation=Laevendell) adds OpenID-"<link>"-tags in the header to enable this?

[SalusaSecondus]

I'm new to OpenID, but if a user enters their server and delegate information in the settings page, does that mean they'd then be able to log in to another website using the OpenID "www.nationstates.net/nation=Laevendell" (in my case) or would the OpenID be something else (or have I quite misunderstood how the delegation works)?
If my assumptions are correct, does that mean that page (http://www.nationstates.net/nation=Laevendell) adds OpenID-"<link>"-tags in the header to enable this?

It's been years since I wrote this and tested it, but yes, it should just work. You'd provide your nation's page (as per your example) and that's what would show up.

[[violet]]

While we do not (currently) support OAuth, we do support OpenID which may do what you want. Take a look at the bottom of your nation's settings page.

Can OpenID be used to do some of the things tool authors are clamoring for? I don't know much about it.

There seem to be two usage cases:

1. A third-party site wants to be able to tell whether a user really is "<nation>" or not. E.g. an offsite forum that only lets people sign up under the name of a nation they own.
2. A third-party site/tool wants to be able to access private information or execute actions on behalf of a nation. E.g. a management tool that will log in and answer issues for your puppets, but shouldn't be allowed to change your password.

So #1 is about whether the 3rd party site can trust the user, and #2 is about whether the user can trust the 3rd party site.

OpenID would work for #1 but not #2, is that right?

[SalusaSecondus]

While we do not (currently) support OAuth, we do support OpenID which may do what you want. Take a look at the bottom of your nation's settings page.

Can OpenID be used to do some of the things tool authors are clamoring for? I don't know much about it.

There seem to be two usage cases:

1. A third-party site wants to be able to tell whether a user really is "<nation>" or not. E.g. an offsite forum that only lets people sign up under the name of a nation they own.
2. A third-party site/tool wants to be able to access private information or execute actions on behalf of a nation. E.g. a management tool that will log in and answer issues for your puppets, but shouldn't be allowed to change your password.

So #1 is about whether the 3rd party site can trust the user, and #2 is about whether the user can trust the 3rd party site.

OpenID would work for #1 but not #2, is that right?

This is correct.

[Afforess]

While we do not (currently) support OAuth, we do support OpenID which may do what you want. Take a look at the bottom of your nation's settings page.

Can OpenID be used to do some of the things tool authors are clamoring for? I don't know much about it.

There seem to be two usage cases:

1. A third-party site wants to be able to tell whether a user really is "<nation>" or not. E.g. an offsite forum that only lets people sign up under the name of a nation they own.
2. A third-party site/tool wants to be able to access private information or execute actions on behalf of a nation. E.g. a management tool that will log in and answer issues for your puppets, but shouldn't be allowed to change your password.

So #1 is about whether the 3rd party site can trust the user, and #2 is about whether the user can trust the 3rd party site.

OpenID would work for #1 but not #2, is that right?

It doesn't do use case #1 that well either. The user will have to follow these steps to prove their nation is real:

1.) Users logs onto third party website
2.) Website requests nations open id details
3.) User goes back to nationstates.net, enters in OpenId information into nation settings
4.) User goes back to the third party website, logs in with open id details

That's way too complicated for the average user. OpenID is really the wrong solution, OAuth is the correct solution.

OpenID is a way to specify one identity for multiple sites so you don't need to register over and over again.

OAuth is a way to allow one application access to one account without giving said application your account login information. You can use them in conjunction.

http://softwareas.com/oauth-openid-your ... same-thing

[SalusaSecondus]

I am aware of the differences. However, if you want to let people log into your forums with their NS account, OpenId is a better fit that OAuth (which is a way for them to grant access to their account to the forum). Also, setting up the OpenId delegate is actually much easier than you make it out to be. That said, it's been so long since I've looked at the spec, I can't remember how.

I could see making us an OpenId provider. I consider it currently unlikely that we'll implement OAuth.

[Afforess]

I am aware of the differences. However, if you want to let people log into your forums with their NS account, OpenId is a better fit that OAuth (which is a way for them to grant access to their account to the forum). Also, setting up the OpenId delegate is actually much easier than you make it out to be. That said, it's been so long since I've looked at the spec, I can't remember how.

I could see making us an OpenId provider. I consider it currently unlikely that we'll implement OAuth.

In fairness, I realize OAuth is newer, and that in 2008, it wasn't even released (when you guys added OpenID).

I understand that setting the OpenID delegate is easy, but even a series of super-easy steps is enough to baffle the average user. Rule of thumb is that every step after the 1st one loses you half of your potential viewers. So 4 steps, only 1/8 of people would bother getting that far. Most people would just close the tab, go browse somewhere else. This sucks, but it is the world that we live in.

However, becoming an OpenID provider would improve the situation significantly. This seems like a good step forward.

[Glen-Rhodes]

I could see making us an OpenId provider. I consider it currently unlikely that we'll implement OAuth.

This would actually be really great. I've been wanting to make some voting tools for a long time, but I've never been able to ensure that people are who they say they are. I dabbled with OpenID, but from other implementations I've seen, it was a cumbersome way of doing things. If NS is its own provider, that may make things easier.

Regarding OAuth, I agree that it probably isn't the greatest way of doing things. It takes a lot of work, and I imagine it's even harder trying to add it to an existing system as old as NS is. But I do hope you guys consider a custom build, because there things I would like to do that involve a 3rd party app interacting with NS on the user level.

[Afforess]

Messed around with the OpenId currently already enabled, and yes, it does work. However it's not intuitive for the average clueless user (It wasn't intuitive for me either, and I'd like to pretend not to be clueless). If NationStates was its own OpenId provider/delegate by default though, then users wouldn't need to perform any special steps to log in.