[OpenID] linking an openid to an existing account

Dan Ragle dragle at jupitermedia.com
Fri Jul 18 14:01:12 UTC 2008 

P.S. - per section 11.5 of the OpenID specs:

    "The Claimed Identifier in a successful
     authentication response SHOULD be used
     by the Relying Party as a key for local
     storage of information about the user.
     The Claimed Identifier MAY be used as a
     user-visible Identifier. When displaying
     URL Identifiers, the fragment MAY be
     omitted."

Cheers!

Dan

> I have a question about best-practices. 
> 
> Consider a website with an existing user base. You want to provide the 
> users an alternate means of authentication with an OpenID (e.g. replacing 
> existing password-based authentication), so you show them a page (after 
> they've authenticated) which says "Link an OpenID to your account". 
> 
> The user authenticates with an OpenID, and the site associates <something> 
> with the user's existing account so that in the future OpenID 
> authentication can happen as the primary login and the same <something> 
> can be used to figure out which user account to login as.
> 
> My question is what is the best thing to use as <something>. There are 
> options, most with certain limitations, and I wanted to see if the 
> community has a general pattern or recommendation.
> 
> For example, the <something> could be (non-exhaustive):
> 
> 1. The "as-typed-in-by-the-user" user-supplied identifier. This has 
> limitations that a user can have multiple user-supplied identifiers that 
> normalize to the same id, and they can confuse themselves (e.g. 
> shane.myopenid.com = http://shane.myopenid.com). This doesn't work well 
> with OP identifiers.
> 
> 2. The claimed identifier after discovery. This doesn't play well with 
> delegation if a user switches OP's but keeps their user-supplied 
> identifier.
> 
> 3. Some other combination?
> 
> Your thoughts appreciated.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list