99

I am a little curious to know about how OpenID authentication works.

Is there any difference between OpenID authentication and the authentication which sites use exclusively for themselves?

Paolo Forgia
Biswanath
  • Not a dup, but this one is very useful http://stackoverflow.com/questions/318677/what-are-the-dangers-of-using-openid-for-your-website – Paul Tomblin Dec 09 '08 at 19:23
  • I think this is a dupe: http://stackoverflow.com/questions/123671/how-is-openid-implemented If no one disagrees then I'll close it in a few. – EBGreen Dec 09 '08 at 19:25
  • The link is more how to implement OpenID. Here is how it works (how OpenID works with authentication and not how it works if someone would like to add it to his website). I think? – Patrick Desjardins Dec 09 '08 at 19:33
  • Ehh...that's fine. I was borderline anyway. I have a feeling a lot of the answers will cover the same info. – EBGreen Dec 09 '08 at 19:35
  • I think it's a duplicate of this one: http://stackoverflow.com/questions/69076/openid-login-workflow – Patrick Desjardins Dec 09 '08 at 19:37
  • If you think it is I will transfer my answer to the other one. You choose EBGreen. – Patrick Desjardins Dec 09 '08 at 19:38
  • If there is enough ambiguity that we both thought differently then I say leave it as is. It would be nice if the OP would come along and decide if one of those other questions suited his needs. – EBGreen Dec 09 '08 at 19:40

1 Answer

100

What is OpenID?

OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman) and realizes that people are already creating identities for themselves whether it be at their blog, photostream, profile page, etc. With OpenID you can easily transform one of these existing URIs into an account which can be used at sites which support OpenID logins.

OpenID

Difference between OpenID and a conventional authentication form?

The difference is that the identification will be decentralized to an external site (for example Wordpress, Yahoo, ...). The website will know whether or not the identification is OK and let you log in. Conventional website authentication performs a comparison with data held in a private database, so your username and password can be used to log in to this website only. With OpenID you can use the same credentials on multiple websites.

How does it work?

Steps

  1. User connects to OpenID-enabled website.
  2. User enters credential information.
  3. A POST is made with a BASE64 (website to provider)
  4. An answer is built (that contains expiration)
  5. The website redirects the user to the provider to login.
  6. User enters password and submits.
  7. Verification is done.
  8. Login!
Community
Patrick Desjardins
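The verification in step 7, as an added example that is not part of the original answer: a sketch of how the website can check the provider's signed response against the shared key and expiration it obtained in steps 3 and 4. It assumes OpenID Authentication 2.0 field names with an HMAC-SHA256 association; the function names, URLs, handle and key are constructed for illustration.

```python
import base64, hashlib, hmac, time

# Fields the provider's signature must cover (assumption: OpenID Authentication 2.0 rules).
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def signing_input(params, signed):
    # Key-Value Form: one "key:value\n" line per signed field, in list order.
    return "".join(f"{k}:{params['openid.' + k]}\n" for k in signed).encode()

def sign(params, signed, mac_key):
    mac = hmac.new(mac_key, signing_input(params, signed), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def verify_assertion(params, assoc, now=None):
    """Return True only for an unexpired, correctly signed positive assertion."""
    now = time.time() if now is None else now
    if params.get("openid.mode") != "id_res":
        return False
    if params.get("openid.assoc_handle") != assoc["handle"]:
        return False
    if now >= assoc["issued"] + assoc["expires_in"]:  # expiration from step 4
        return False
    signed = params.get("openid.signed", "").split(",")
    needed = set(REQUIRED_SIGNED)
    if "openid.claimed_id" in params:  # the identity itself must be signed
        needed |= {"claimed_id", "identity"}
    if not needed <= set(signed) or any("openid." + k not in params for k in signed):
        return False
    expected = sign(params, signed, assoc["mac_key"])
    return hmac.compare_digest(expected.encode(), params.get("openid.sig", "").encode())

# Constructed sample: the association the website stored after steps 3-4.
ASSOC = {"handle": "example-handle", "mac_key": b"\x01" * 32,
         "issued": 1_700_000_000, "expires_in": 3600}

def sample_assertion():
    p = {
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://provider.example/openid",
        "openid.claimed_id": "https://alice.example/",
        "openid.identity": "https://alice.example/",
        "openid.return_to": "https://site.example/return",
        "openid.response_nonce": "2023-11-14T22:13:20Zabc123",
        "openid.assoc_handle": ASSOC["handle"],
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    p["openid.sig"] = sign(p, p["openid.signed"].split(","), ASSOC["mac_key"])
    return p
```

A complete relying party also compares `openid.return_to` with the URL it actually received the response on and rejects a `response_nonce` it has already seen; both checks are omitted here.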