开发者

What to follow OpenID vs Oauth(v1 & v2)?

I have noticed that all the big websites are using Openid instead of Oauth.

I have my implementation of oauth for both Google and Facebook.

My requirement :

  • Authenticate the users with Google / Facebook
  • Manage simple user profiles f开发者_Python百科or the users on my website, pre-populated from Google/Facebook.

What should I go for Oauth or Openid ?

When to follow oauth ?


They are used for different goals.

OpenID is used to authenticate SomeUser on your site, asking some other site for the proof of the user's identity.

OAuth is used to grant SomeOtherParty (e.g. other site or application) a permission to do something on behalf of SomeUser on your site (this implies that SomeUser is already somehow authenticated on your site).

Some more comments, for the author's request:

You cannot choose "OAuth to authenticate users", since OAuth is not a user authentication protocol (despite the 'auth' in its name).

With OpenID you can authenticate a user with virtually any OpenID provider without any modifications to your code.

If you choose to authenticate users using Facebook OAuth, you are not actually authenticating users. You are asking users to get your application some access to user's profile on the facebook. You are accessing Facebook services to fetch user information. This means, that if you want to use another OAuth provider service to authenticate users, you will never be able to do it without writing new "authentication" code (except for the case when the new providers supports APIs identical to facebook).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜