Here's the deal:
-Flair pretty much demands a Facebook app
-I'm working on learning the Facebook platform

Therefore, I've written a dinky little Facebook app to embed your Flair into a box on the side of your profile. If you're interested and on Facebook; beware that this is very much a work in progress, prone to change and has a whole bunch of rough edges.

However, I don't have an elegant way to say "this is MY Stackoverflow profile" from this dinky app. My current solution is best demonstrated this image. It is, frankly, idiotic; and there's nothing preventing impersonation.

Having no experience with OpenID, I'm wondering if there's some way (and some example of this way, please) to get a user to provide their Stackoverflow identify to a third party?


Behavior changed to that suggested by Noldorin's answer.
Request for a saner way to do this declined on UserVoice.

Comments

I think this belongs on Uservoice?

Written by Daniel A. White

Not really, he's doing this on his own and not asking for SO to do it for him. It's not feedback or a suggestion per see

Written by Malfist

Are you asking for "given an OpenID, determine which SO user"? I don't believe this is possible with the current architecture. The usability of your current solution could be improved by allowing the user to copy-and-paste the entire SO profile URL instead of having to cut out just the ID number... not that it makes a big difference.

Written by ephemient

Accepted Answer

There's no way to get a StackOverflow ID from OpenID and to do the opposite would be possible but unnecessarily complicated (compared to your suggested method). Copying and pasting the user ID/profile URL isn't terribly inconvenient, in my mind.

However, I can suggest some sort of solution to the issue of impersonation. This may seem like a slightly silly method, but it's the simplest way of which I can think to insure that only the user themself can display the badge. Again, I don't think it's too inconvenient. (The more traditional method of using an email confirmation isn't possible, given that emails aren't public.)

  1. Have your Facebook app generate a random (alphanumeric?) code. Something in the form A8IO45QW6T should do.
  2. Hold this code on the server side of your Facebook app for a short time period (say, 5 minutes).
  3. Instruct the user to edit their About Me information by adding the given code to the last line, then to return to the Facebook and confirm. Simple inspection of HTML for the profile page of the specified user would verify ownership. The user can then remove the verification code from their About Me text.

Nice idea creating this Facebook app, by the way. I may just give it a try!

Written by Noldorin
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki