OAuth + OpenID + InfoCard

This is an imaginary use case to demonstrate how OAuth, OpenID and InfoCards fit together.

1. User logs into Facebook with his user credentials.

2. User wants to share images from Flickr with Facebook.

3. OAuth comes into play now.

4. Facebook requests a Request_Token from Flickr to access the user's photos on his behalf.

5. Since the user has not yet authorized the request, Facebook gets an unauthorized Request_Token from Flickr.

6. Now, Facebook will redirect the user to Flickr for authentication.

7. User presents his OpenID at Flickr to get authenticated.

8. Flickr redirects the user to his OpenID Provider for authentication - say myOpenID.

9. User authenticates at myOpenID with a registered Information Card.

10. On successful login, the user is redirected back to Flickr.

11. Now, Flickr will ask the user whether it's okay to give Facebook access to his photos, and once he selects 'yes', the user will be redirected back to Facebook.

12. Now, Facebook will request an Access Token from Flickr.

13. Since the user has authorized the request, Flickr will grant the access token to Facebook.

14. Now, Facebook can access Flickr to get photos on behalf of the user.

15. Let me summarize what each technology is for.

OAuth - a machine authorisation protocol - gives permission for a system to access your account.

OpenID - provides decentralized single sign-on.

InfoCards - provides phishing-resistant authentication.
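
The token states Flickr has to track across steps 4 to 14 can be modelled in a few lines. This is an added example, not code from the original post or from any of the services named: the class and method names are hypothetical, the user name is constructed, and request signing and token secrets are left out so that only the authorization state machine is shown.

```python
import secrets

class ServiceProvider:
    """Token states Flickr keeps in steps 4-14 (hypothetical in-memory model)."""
    def __init__(self):
        self.request_tokens = {}  # token -> {"consumer", "user" (None = unauthorized)}
        self.access_tokens = {}   # token -> {"consumer", "user"}

    def issue_request_token(self, consumer):
        # Steps 4-5: issued unauthorized, no user bound yet.
        token = secrets.token_urlsafe(16)
        self.request_tokens[token] = {"consumer": consumer, "user": None}
        return token

    def authorize(self, token, authenticated_user, consent):
        # Steps 7-11: runs only after login (OpenID + InfoCard) and the consent prompt.
        entry = self.request_tokens[token]  # KeyError for an unknown token
        if not consent:
            del self.request_tokens[token]  # a denied token can never be exchanged
            return False
        entry["user"] = authenticated_user
        return True

    def exchange(self, token, consumer):
        # Steps 12-13: only an authorized token, presented by the consumer it
        # was issued to, becomes an access token; it is consumed on use.
        entry = self.request_tokens.get(token)
        if entry is None or entry["consumer"] != consumer:
            raise PermissionError("request token not valid for this consumer")
        if entry["user"] is None:
            raise PermissionError("request token not authorized by the user")
        del self.request_tokens[token]
        access = secrets.token_urlsafe(16)
        self.access_tokens[access] = {"consumer": consumer, "user": entry["user"]}
        return access

    def photos_for(self, access, consumer):
        # Step 14: the grant is scoped to the user who consented.
        grant = self.access_tokens.get(access)
        if grant is None or grant["consumer"] != consumer:
            raise PermissionError("invalid access token")
        return "photos of " + grant["user"]

def run_flow():
    flickr = ServiceProvider()
    rt = flickr.issue_request_token("facebook")
    flickr.authorize(rt, "alice", consent=True)  # constructed user name
    at = flickr.exchange(rt, "facebook")
    return flickr.photos_for(at, "facebook")
```

The three checks in `exchange` are the ones worth testing in any provider: an unauthorized request token, a token presented by a different consumer, and a replayed token must all be refused.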