If OpenID, what user data do I still need to save

I'm trying to understand if OpenID is good for me. Right now the site has a normal registration process, and I ask the user for data I need like his email, name, username, age, etc. I then make him verify his email. All this data is stored in the database.

When I start using OpenID, this is what I understand I'll need to do:

  1. I won't need to store any password-related data
  2. I can still have an email field in my database, and I will get the email by asking the OpenID provider directly, right?
  3. Can I still ask the user for any additional details I want, like getting him to choose a username and all that?

Anything you noticed, and you can tell me about so I understand this better?

sameold asked May 28 '11 22:05


1 Answer

  • The OpenID provider will give you the user's email, but only if you ask for it.
  • There's nothing preventing you from collecting additional user data after the user logs in with OpenID. If you log in to Stack Overflow for the first time and do so using OpenID, you'll be prompted for a username and other information after the OpenID provider does the authentication.

The provider will give you a unique ID for each user - this you need to save. It's how you will match up the user that just logged in with a record in your database.

I've found OpenID by itself to be rather complicated. This PHP class makes it really easy if the only provider you want to use is Google. That webpage also includes a tutorial.

Sam Magura answered Sep 19 '22 05:09
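The account-linking logic the answer describes, as an added example that is not code from the question, the answer, or the PHP class it links to. It assumes the provider hands back claims shaped like an OpenID Connect ID token (`iss`, `sub`, `email`, `email_verified`; the original question is about OpenID generally and does not name these fields) and that the OpenID library has already checked the token's signature, audience, expiry and nonce before these claims reach the site. The point it makes concrete: the provider's unique ID (`iss` plus `sub`) is the only thing the local record is matched on; the email is stored as profile data, never used as the join key; and site-specific fields such as the username are collected on the site's own form after the provider has authenticated the user. The `UserStore` class and the sample claims are constructed for the example.

```python
# Added example (not from the question or the answer): linking an
# OpenID-style login to a local user record.
#
# Assumptions (not stated on the page): the provider returns claims shaped
# like an OpenID Connect ID token (iss, sub, email, email_verified), and
# the token's signature, audience, expiry and nonce have ALREADY been
# validated by the OpenID library before these claims are handed over.

from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class User:
    id: int
    issuer: str                      # OpenID provider vouching for this user
    subject: str                     # provider-assigned stable ID: the join key
    email: Optional[str]             # profile data; may change or be absent
    username: Optional[str] = None   # chosen on the site's own form after login
    profile_complete: bool = False


class UserStore:
    """Minimal in-memory stand-in for the site's user table."""

    def __init__(self) -> None:
        self._by_identity: Dict[Tuple[str, str], User] = {}
        self._next_id = 1

    def find_by_identity(self, issuer: str, subject: str) -> Optional[User]:
        return self._by_identity.get((issuer, subject))

    def create(self, issuer: str, subject: str, email: Optional[str]) -> User:
        user = User(self._next_id, issuer, subject, email)
        self._next_id += 1
        self._by_identity[(issuer, subject)] = user
        return user

    def username_taken(self, username: str) -> bool:
        return any(u.username == username for u in self._by_identity.values())


def login_with_openid(store: UserStore, claims: dict) -> User:
    """Map an already-verified set of provider claims to a local User."""
    # Both parts are required: 'sub' is only unique within one issuer,
    # so two providers may hand out the same subject string.
    issuer, subject = claims["iss"], claims["sub"]

    # Only keep the email if the provider states that it verified it; an
    # unverified email is just a string the user typed at the provider.
    email = claims.get("email") if claims.get("email_verified") else None

    user = store.find_by_identity(issuer, subject)
    if user is None:
        # First login: save the provider ID. The username is collected
        # afterwards by complete_profile(), not taken from the provider.
        return store.create(issuer, subject, email)

    # Returning user: refresh the stored email, but never re-key on it.
    if email is not None:
        user.email = email
    return user


def complete_profile(store: UserStore, user: User, username: str) -> User:
    """The post-login form the answer mentions: collect site-specific data."""
    if not (3 <= len(username) <= 30) or not username.isalnum():
        raise ValueError("username must be 3-30 alphanumeric characters")
    if store.username_taken(username):
        raise ValueError("username already taken")
    user.username = username
    user.profile_complete = True
    return user


if __name__ == "__main__":
    store = UserStore()
    # Constructed sample claims, as the OpenID library would return them.
    alice = login_with_openid(store, {
        "iss": "https://accounts.example.com", "sub": "10769150350006150715",
        "email": "alice@example.com", "email_verified": True,
    })
    complete_profile(store, alice, "alice")
    print(alice)
```

Matching on `(iss, sub)` rather than on the email is the check a practitioner wants here: a second provider, or a second account at the same provider, presenting `alice@example.com` gets its own local record instead of being merged into Alice's, so a provider that does not verify email addresses cannot be used to log in as an existing user.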