I would like to implement user authentication using OpenID.
Is there anything unique in user data that OpenID provides that I could use as a key to remember and identify the users? I was thinking of using the email but the user could change it.
I would like to implement user authentication using OpenID.
Is there anything unique in user data that OpenID provides that I could use as a key to remember and identify the users? I was thinking of using the email but the user could change it.
The user's OpenID identity is what you should use for this purpose.
This is either the URL entered as an identity, or returned as claimed_id
when available. In either case, actually store the identity only after a successful authentication.
Refer to section 7.2 and 7.3 of the OpenID 2.0 Specification for more information.
However, as pointed out by Stephen in the comments, you will need to generate an unique ID yourself if you want to associate multiple identities with a single user.