I am using OpenID authentication for a website and I want to get the user's email address. All email addresses from our users are accessible via a regular hash page email link.
Now, as a rule, email addresses returned by OpenID providers through SimpleRegistration or AttributeExchange are not "trustworthy" because anyone can start the provider and add an identity with any email address that they like. But can you be sure that the addresses returned by Google or Yahoo providers (or possibly other large ones) will return the already verified gmail.com/yahoo.com addresses, so I can skip the activation-click-hash link for these suppliers?
source
share