what does it buy us to use openID? are there extra calls? or is it just a way of validating that the user is who they say they are? if the latter, then there might be nothing to do here, other than pass the API requests through some kind of user-permissions model, which may be a task for a much later time (after we've figured out login via openID, and are storing the results in a DB)
what does it buy us to use openID? are there extra calls? or is it just a way of validating that the user is who they say they are? if the latter, then there might be nothing to do here, other than pass the API requests through some kind of user-permissions model, which may be a task for a much later time (after we've figured out login via openID, and are storing the results in a DB)