Facebook OpenID App

Update: This has been implemented at identitu.de. I’m not sure if the implementation details are exactly as described in this post, but they seem so. See (de)railed blog for details.

Facebook does not officially support OpenID. But would the Facebook Platform make it possible for 3rd party developers to implement an OpenID app on top of it? I’ve been thinking about this lately while reading the API documentation. I think it is not possible to implement an OpenID consumer, so those of you who wanted a way to log in to Facebook with your existing OpenID might now stop reading.
An OpenID provider, on the other hand, should be possible. According to the Authentication description in the documentation:

In order for a Facebook API client to use the API, the user of the client application must be logged in to Facebook. To accomplish this, direct your users to: http://www.facebook.com/login.php?api_key=YOUR_API_KEY&v=1.0, which will prompt the user to log in if necessary.

After a successful login it is possible to retrieve all user data with the facebook.users.getInfo method and thus verify the user’s identity.

So the complete workflow looks like this:

  1. User enters OpenID enabled site (OpenID consumer) such as this blog, Zooomr, Jyte or whatever.
  2. He enters his OpenID URL, such as http://www.f8ID.org/700107342. The number is his Facebook profile number and the domain is the domain of the hypothetical OpenID App service provider (the domain is free as of writing this).
  3. The consumer site redirects him to f8ID according to OpenID protocol.
  4. f8ID redirects him to Facebook login page.
  5. User logs in with his Facebook password.
  6. Facebook redirects him back to f8ID.
  7. f8ID calls the Facebook getInfo method and verifies that this session has the same profile number as the one in the OpenID URL. If they are equal, f8ID redirects back to the original OpenID consumer site according to the OpenID protocol.
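
Step 7 is the check the whole scheme depends on: the provider must only assert an identity whose profile number matches the logged-in Facebook session. The sketch below is an added example, not code from identitu.de or from Facebook; the function names are hypothetical, `session_uid` stands for the profile number obtained from getInfo, and signing of the positive assertion (required by OpenID) is left out.

```python
import re
from urllib.parse import urlsplit

PROVIDER_HOST = "www.f8id.org"  # the post's hypothetical provider domain

# Exactly one path segment of ASCII digits, no leading zero, optional slash.
_PROFILE_PATH = re.compile(r"/([1-9][0-9]{0,19})/?")


def claimed_profile_id(identity_url):
    """Return the profile number in an identity URL, or None if malformed."""
    try:
        parts = urlsplit(identity_url)
        has_port = parts.port is not None  # raises ValueError on a bad port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    # hostname is already lower-cased and excludes any userinfo part
    if parts.hostname != PROVIDER_HOST or has_port or parts.username:
        return None
    if parts.query or parts.fragment:
        return None
    match = _PROFILE_PATH.fullmatch(parts.path)
    return match.group(1) if match else None


def openid_fields(return_to, identity_url, session_uid):
    """Decide the response for step 7.

    Returns the fields of a positive assertion (still unsigned) only when
    the Facebook session belongs to the claimed profile; otherwise the
    fields of a cancel response.
    """
    claimed = claimed_profile_id(identity_url)
    if claimed is not None and str(session_uid) == claimed:
        return {
            "openid.mode": "id_res",
            "openid.identity": identity_url,
            "openid.return_to": return_to,
        }
    return {"openid.mode": "cancel"}
```

Comparing the parsed number, rather than looking for the uid somewhere in the URL string, keeps a user logged in as one profile from obtaining an assertion for a URL that merely contains his number.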

This might seem complicated and unintuitive. But as with OpenID in general, the theoretical description puts off the average internet user, while practical use is much easier to understand. In practice the user is involved only in step 2 and, the first time of the day, also in step 5. The rest is transparent to him.

So technically implementing this is possible, but would anybody actually use it? I’m not sure. There are many OpenID providers to choose from. This app would have just one advantage: you can use just one password for OpenID, a password that you need to have anyway. In principle it is very similar to idproxy.net, which turns Yahoo ID into OpenID. I can’t find the numbers, but I guess that only a very small fraction of Yahoo users use idproxy.

Please share your opinion. Would you consider using Facebook as OpenId server?

5 Comments

  1. Posted June 20, 2007 at 10:02 am | Permalink

    Hello!
    As far as I can see, your OpenID implementation seems to work great.
    Thanks for your submission to “The OpenID Directory”.
    BTW: You can let your readers vote for your site and claim ownership at the same time. If you have not registered your site yourself, claiming ownership enables you to make changes to your description, thumbnail etc. any time you like :).
    Keep up the good work!
    Thomas Huhn

  2. Posted July 5, 2007 at 1:40 am | Permalink

    I just came to the same realization, and Googled for “Facebook OpenID”.

    Not sure how practical it would be — a user would definitely have to install a FB OpenId application. But it would work.

  3. Posted August 6, 2007 at 7:57 am | Permalink

    I had a similar posting a while back. Since then someone I know has actually gone and built this kind of app, but he’s not ready to release yet.

  4. Posted February 6, 2008 at 4:33 pm | Permalink

    While the idea is nice, it seems it would create interminably-long OpenID URLs. Since half of the OpenID equation is the convenience of single-signin, having to type that many characters will put many people off who don’t necessarily care about the security aspects of OpenID. And those of us who do care are probably serving it ourselves anyway. *grin*

  5. Posted April 12, 2008 at 12:53 pm | Permalink

    Nice thoughts
