1

I need to ask a very quick question. You know, in many cases, on a third-party custom-built site, we have to use foreign keys to associate different types of information with a user. For example, in a blog application, we associate UserID with Post records. My question is: how do we get a UserID if authentication is done using OpenID?

I am new to Single Sign On solutions so I want to think in the right direction. Your response will really really be appreciated.

Bo Persson
D3 K

2 Answers

0

I haven't worked with Single Sign On implementations, but just scanning the documentation for OpenID seems to suggest that you can register attributes to correspond with an OpenID account.

From OpenID Attribute Exchange:

> An attribute is a unit of personal identity information that is identified by a unique URI. It may refer to any kind of information. A reference example of defining attribute types is provided by [OpenID.axschema].
>
> This service extension defines two message types for transferring attributes: fetch (see Section 5) and store (see Section 6). Fetch retrieves attribute information from an OpenID Provider, while store saves or updates attribute information on the OpenID Provider. Both messages originate from the Relying Party and are passed to the OpenID Provider via the user agent as per the OpenID Authentication protocol specification.

0

You can't get a numeric id. The user's unique identifier is his identity URL (i.e. his OpenID). Of course, you can associate it with a number in your database, but you have to generate that number yourself.

Mewp
  • That's right, but I need to give the user the ability to log in using Google, OpenID, Facebook and Yahoo. Should I have to associate each email/identity with my Local DB ID? Sorry for asking such a basic question. I am really new to this tech and I don't see any basic explanation anywhere. – D3 K Sep 05 '11 at 04:21
  • Firstly, Facebook [isn't an OpenID provider](http://stackoverflow.com/questions/1827997/is-facebook-an-openid-provider), so my answer doesn't apply to it. And yes, you should associate the identity with your Local database id. However, just to be sure that you understand: identity is not an email address, and usually has little or no relation to it. If you want to know more about OpenID, I suggest [searching SO](http://stackoverflow.com/search?q=how+openid+works). – Mewp Sep 05 '11 at 08:25
  • Also, be aware that OpenID is an authentication mechanism, and nothing else. That means the only thing it does is that it verifies some identity. The only thing it returns (without extensions) is a boolean telling you whether the authentication has succeeded or not, and the identity that was verified. So it's your responsibility to maintain a session, store the user's data in a database, etc. – Mewp Sep 05 '11 at 08:29
  • I read this article: http://remysharp.com/2007/12/21/how-to-integrate-openid-as-your-login-system/ He uses an "Identity" field to join openids and user table. I need to know what that identity is? Is that identity unique to all OpenID providers? – D3 K Sep 06 '11 at 02:59
  • The identity, or Claimed Identifier, is unique to the user. It's a URL, so under normal circumstances it's globally unique, and that implies that it's also unique to all providers. As for what it is, it's what's usually called someone's OpenID. – Mewp Sep 06 '11 at 16:23
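
The mapping discussed in this thread, as an added example that is not part of the original posts: the verified Claimed Identifier is the lookup key, the application generates its own numeric user id, and posts reference that id. Table and function names are hypothetical, and `claimed_id` is assumed to be the identity URL that an OpenID library has already verified for the current login.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, display_name TEXT);
CREATE TABLE identities (
    claimed_id TEXT PRIMARY KEY,  -- verified identity URL, stored as returned
    user_id INTEGER NOT NULL REFERENCES users(id)
);
CREATE TABLE posts (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL REFERENCES users(id),
    body TEXT NOT NULL
);
"""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs unless enabled
    conn.executescript(SCHEMA)
    return conn

def user_id_for_identity(conn, claimed_id):
    """Return the local id for a verified identity, creating the user on first login."""
    with conn:
        row = conn.execute(
            "SELECT user_id FROM identities WHERE claimed_id = ?", (claimed_id,)
        ).fetchone()
        if row:
            return row[0]
        user_id = conn.execute("INSERT INTO users (display_name) VALUES (NULL)").lastrowid
        conn.execute("INSERT INTO identities VALUES (?, ?)", (claimed_id, user_id))
        return user_id

def link_identity(conn, user_id, claimed_id):
    """Attach another verified identity to an account; False if it is already
    linked to any account or the user does not exist."""
    try:
        with conn:
            conn.execute("INSERT INTO identities VALUES (?, ?)", (claimed_id, user_id))
        return True
    except sqlite3.IntegrityError:
        return False

def add_post(conn, user_id, body):
    with conn:
        return conn.execute(
            "INSERT INTO posts (user_id, body) VALUES (?, ?)", (user_id, body)).lastrowid

if __name__ == "__main__":
    db = open_db()  # the identity URL below is a constructed sample
    print(add_post(db, user_id_for_identity(db, "https://alice.example.org/"), "hi"))
```

The primary key on `claimed_id` is what stops one identity from being attached to two accounts; an email address returned through an extension is profile data and is not used as the key.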