VZ-Login allows your users to sign up and log in to your web site using their VZ credentials.
Authentication and Authorization
Authentication and authorization is based on the emerging OpenID Connect protocol, which is based on the OAuth 2 specification. See OpenID_Connect for details. For security reasons you must assure that Authorization-, Token and API Endpoints that are secured through OAuth 2.0 are access through SSL and that you are verifying the server certificates. Otherwise your implementation is susceptible to man-in-the-middle attacks.
Alternatively you can also use OAuth 1.0a three-legged authentication to enable users to sign up and log in with their credentials but you will only retrieve an OAuth 1 access token from the authorization endpoint and not an identifier for the authorizing user. However with this access token it is possible to call the OpenSocial REST Api as well, where you can also fetch data for the currently authorized user without knowing his id beforehand (See Gadgets_REST_People#Request).
Client profiles and libraries
VZ-Login can be used with different client profiles which closely resemble the OAuth2 client profiles:
Standard Web Server Profile or OAuth1
This uses the OAuth2 Web Server profile.
See Client_Libraries for a server side library to support you with an implementation.
User Agent Profile
This uses the OAuth2 User Agent profile.
You can register your client application with a normal VZ-Developer account in the Developer Sandbox under "VZ-ID Services".
Connect VZ-Login with an OpenSocial Gadget
You should use one of the following Login Buttons as a starting point for the VZ-Login flow: