Update: This has been implemented at identitu.de. I’m not sure whether the implementation details are exactly as described in this post, but they seem to be. See the (de)railed blog for details.
Facebook does not officially support OpenID. But would the Facebook Platform make it possible for 3rd party developers to implement an OpenID app on top of it? I’ve been thinking about this lately while reading the API documentation. I think it is not possible to implement an OpenID consumer, so those of you who wanted a way to log in to Facebook with an existing OpenID can stop reading now.
An OpenID provider, on the other hand, should be possible. According to the Authentication section of the documentation:
In order for a Facebook API client to use the API, the user of the client application must be logged in to Facebook. To accomplish this, direct your users to: http://www.facebook.com/login.php?api_key=YOUR_API_KEY&v=1.0, which will prompt the user to log in if necessary.
After a successful login it is possible to retrieve all user data with the facebook.users.getInfo method and thus verify the user’s identity.
So the complete workflow looks like this:
- User enters OpenID enabled site (OpenID consumer) such as this blog, Zooomr, Jyte or whatever.
- He enters his OpenID URL, such as http://www.f8ID.org/700107342. The number is his Facebook profile number and the domain is the domain of the hypothetical OpenID app service provider (the domain is still free as of writing this).
- The consumer site redirects him to f8ID according to OpenID protocol.
- f8ID redirects him to Facebook login page.
- User logs in with his Facebook password.
- Facebook redirects him back to f8ID.
- f8ID calls the Facebook getInfo method and verifies that this session has the same profile number as the one in the OpenID URL. If they are equal, f8ID redirects back to the original OpenID consumer site according to the OpenID protocol.
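The security-critical part of this workflow is the last step: the provider must only assert an identity when the Facebook session it just received really belongs to the profile number in the claimed OpenID URL, otherwise anyone with a Facebook account could log in as any other user's f8ID. The following is an added example, not code from the original post or from any real f8ID or identitu.de implementation. It assumes a hypothetical provider host www.f8ID.org, stands in a constructed dictionary for what facebook.users.getInfo would return for the session, and builds an OpenID 1.1 style positive assertion (openid.mode=id_res, signed with HMAC-SHA1 over the key:value lines of the signed fields) or a cancel response when the check fails.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit, urlencode, parse_qs

# Hypothetical provider host from the post (f8ID is not a real service).
PROVIDER_HOST = "www.f8id.org"

# Constructed stand-in for what facebook.users.getInfo would return for the
# logged-in session after Facebook redirects back to the provider.
SAMPLE_SESSION = {"uid": 700107342, "name": "Example User"}
# Constructed association secret shared with the consumer site.
SAMPLE_MAC_KEY = b"constructed-association-secret"


def profile_id_from_openid(claimed_url):
    """Return the profile number from a claimed URL of the exact form
    http(s)://www.f8ID.org/<digits>, or None for anything else."""
    parts = urlsplit(claimed_url)
    if parts.scheme not in ("http", "https"):
        return None
    if parts.hostname != PROVIDER_HOST:  # hostname is already lower-cased
        return None
    path = parts.path.strip("/")
    if not path.isdigit():  # rejects '', '123/abc', '123/../456', ...
        return None
    return path


def session_matches_claim(claimed_url, session_info):
    """The check in the last step of the post: the uid of the live Facebook
    session must equal the profile number in the claimed OpenID URL."""
    claimed_id = profile_id_from_openid(claimed_url)
    if claimed_id is None:
        return False
    uid = session_info.get("uid")
    if uid is None:
        return False
    return claimed_id == str(uid)


def sign_openid(mac_key, signed_fields):
    """OpenID 1.1 signature: HMAC-SHA1 over 'key:value\\n' lines of the
    signed fields (keys without the 'openid.' prefix), base64-encoded."""
    kv = "".join(f"{k}:{v}\n" for k, v in signed_fields)
    digest = hmac.new(mac_key, kv.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def checkid_response(claimed_url, return_to, assoc_handle, mac_key, session_info):
    """Build the redirect URL the provider sends the browser back to the
    consumer with: a signed positive assertion, or a cancel if the session
    does not belong to the claimed profile."""
    sep = "&" if "?" in return_to else "?"
    if not session_matches_claim(claimed_url, session_info):
        return return_to + sep + urlencode({"openid.mode": "cancel"})
    signed_fields = [
        ("mode", "id_res"),
        ("identity", claimed_url),
        ("return_to", return_to),
    ]
    params = {"openid." + k: v for k, v in signed_fields}
    params["openid.assoc_handle"] = assoc_handle
    params["openid.signed"] = ",".join(k for k, _ in signed_fields)
    params["openid.sig"] = sign_openid(mac_key, signed_fields)
    return return_to + sep + urlencode(params)


def parsed_query(url):
    """Helper for inspecting a response URL: query string as a flat dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    ok = checkid_response("http://www.f8ID.org/700107342",
                          "http://consumer.example/return", "assoc-1",
                          SAMPLE_MAC_KEY, SAMPLE_SESSION)
    print(ok)
    # A different profile number with the same session is refused.
    print(checkid_response("http://www.f8ID.org/1",
                           "http://consumer.example/return", "assoc-1",
                           SAMPLE_MAC_KEY, SAMPLE_SESSION))
```

The host check matters as much as the number comparison: an identifier like http://attacker.example/700107342 must not be asserted by this provider even though the number matches, and the strict all-digits path rule keeps path tricks such as 700107342/../1 from ever reaching the comparison.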
This might seem complicated and unintuitive. But as with OpenID in general, the theoretical description puts off the average internet user, while practical use is much easier to understand. In practice the user is involved only in step 2 and, the first time each day, also in step 5. The rest is transparent to him.
So technically implementing this is possible, but would anybody actually use it? I’m not sure. There are many OpenID providers to choose from. This app would have just one advantage: one could use a single password for OpenID, a password you need to have anyway. In principle it is very similar to idproxy.net, which turns a Yahoo ID into an OpenID. I can’t find the numbers, but I guess that only a very small fraction of Yahoo users use idproxy.
Please share your opinion. Would you consider using Facebook as an OpenID server?