OpenID versus oAuth 2
Manuel Lemos
mlemos at acm.org
Mon May 17 04:03:41 UTC 2010
Hello,
With this thread of using oAuth 2 for identity I am confused to which
protocol should I use for a single sign-on solution that I need to
implement.
Let me explain my case and see if anybody can clarify what is the best
solution for me.
I have one site, lets call it site A, that has many user accounts. I
want to build another site, lets call it site B, but I do not want users
with accounts in site A to create new accounts to access site B. They
could just use the same account data from site A and use it in site B.
In the future I may have sites C, D, etc..
I thought of creating an OpenID authentication server, lets call it OP,
and migrate user account from site A to OP. When users go to site A or B
and need to login, they are redirected via OpenID to OP for authentication.
If successful, OP passes site A or B the account, personal name, nick
name and e-mail when redirecting back to sites A or B, so those sites
always have copies of that account information for imediate use.
If the user updates one of those details in site A or B, they push the
changes to OP and OP propagates the changes to the other site A or B
that also has the same user account.
>From the specifications that I read, OpenID and its extensions can be
used the way I need.
This will all be used only within my network sites. I do not intend to
allow users to autheticate with external OpenID providers, nor I want
other sites to use my OpenID provider to authenticate in other sites.
Since this is meant for use restricted to my sites, I could invent a
proprietary protocol, but I thought it was better to not reinvent the wheel.
I will develop all the necessary components to implement the OpenID
provider and consumers with the needed extensions. Actually the consumer
component is mostly done.
I was moving to the OpenID provider component when I noticed this thread
of using oAuth 2 for identity. So now I wonder if I am in the right
path? Shall I keep doing it with OpenID or shall I do it with oAuth 2?
Can anybody please shed some light so I can make the best decision?
--
Regards,
Manuel Lemos
Find and post PHP jobs
http://www.phpclasses.org/jobs/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
More information about the specs
mailing list