The Endless Mission Content Portal can also be used as an identity provider for external services (aka, single-sign-on).
The Endless Mission Community (forums website) uses this as the basis for its local user accounts, for example. Community needs to verify that a user has a Content Portal account, get their ID, and access their public profile information. An alternative would be to have Community acquire and use Content Portal API tokens directly, but this would widen the exposure of those tokens to systems that may not be entirely within our control.
We implement the OpenID Connect 1.0 Implicit Flow to authenticate users for external services. The result is a separate verifiable token identifying the user, but not allowing complete API access.
TODO