I'm trying to wrap my head around OpenID and OAuth.
From what I understand, OpenID only says that you are a user of the OpenID provider. So if I log into a site using an OpenID, all it will return is "yes, this person is a user of X site."
If I want to retrieve a users email address, I would need an authorization as well, which is where OAuth comes in.
All that being said, does this imply that if an OpenID username is an email address, there is no way to retrieve that information without OAuth as well?
Here's a good post about OpenID vs OAuth.
From what I understand, OpenID only says that you are a user of the OpenID provider. So if I log into a site using an OpenID, all it will return is "yes, this person is a user of X site."
It depends on who you're using as an OpenID provider and whether they support Attribute Exchange - which allow a relay party to ask for additional attributes about a user (e.g. their email). Here's a SO question asking about Google/Yahoo supported Attribute Exchange values.
All that being said, does this imply that if an OpenID username is an email address, there is no way to retrieve that information without OAuth as well?
Again, it depends on who you're using OpenID/Oauth (and possibly which version of each protocol too). OpenID providers don't necessarily have to use emails as usernames, and it's possible for a provider to provide both email in their OpenID and OAuth implmentations. For example Google allows retrieval of email address via OAuth2 in addition to providing email in it's OpenID Attribute Exchange.