I am experimenting with implementing OpenID in my existing site. I have looked at Plaxo's article on this very subject and I'm a mite confused about something.

I am using this PHP OpenID library. I have some code running, and I am getting a unique OpenID back.

From myopenid.com, I am getting an id that looks like https://mecablaze.myopenid.com/

But from Yahoo and Google, I am getting an ID that is much more cryptic, e.g. https://www.google.com/accounts/o8/id?id=AItOawlbp1cxujdJWDnpx72xVROOw-5V_WzIDZA

Are Google's and Yahoo's "gibberish" ids unique for every logged-in user, i.e. is this the value that I use to tie in with an existing user on my web app?

+3  A: 

openid_identifier is a URL. It may be readable or may be cryptic; it's up to the OP to decide. And yes, the canonicalized URL is what you use as a key.

Michael Krelin - hacker
That's exactly what I needed to know. So the ID I get back from Google is static for each user, i.e. it isn't session based or anything?
Joel Verhagen
Yes, the idea of OpenID is that it's persistent and asserts the user's identity, so it can't possibly be session-specific.
Michael Krelin - hacker
Although there is an important thing to know about Google's /accounts/o8/id identifiers, which is that they vary with the `openid.realm`. See http://groups.google.com/group/google-federated-login-api/web/the-most-important-technical-issue-in-using-the-google-accounts-api?pli=1
keturn
+1, Kevin (and some characters to make comment valid).
Michael Krelin - hacker
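
As an added example (not code from the question, the answer, or the PHP OpenID library), this sketch keys local accounts on the canonicalized identifier and stores the realm it was issued under, since Google's identifiers vary with `openid.realm`. The table, function names, realm and sample identifiers are assumptions, and it expects an identifier that your OpenID library has already verified.

```php
<?php
// Added example: schema, names, realm and sample identifiers are constructed.
const OPENID_REALM = 'https://example.com/'; // assumed realm; keep it fixed once users exist

// RFC 3986 syntax normalization only: lowercase scheme and host, drop the
// default port, use "/" for an empty path. Path, query and fragment are
// case-sensitive parts of the identifier and are left untouched.
function canonical_identifier(string $url): string {
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host']) || isset($p['user'])) {
        throw new InvalidArgumentException('not a usable absolute URL');
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        throw new InvalidArgumentException('OpenID identifiers are http(s) URLs');
    }
    $out = $scheme . '://' . strtolower($p['host']);
    $default = ($scheme === 'https') ? 443 : 80;
    if (isset($p['port']) && $p['port'] !== $default) { $out .= ':' . $p['port']; }
    $out .= $p['path'] ?? '/';
    if (isset($p['query']))    { $out .= '?' . $p['query']; }
    if (isset($p['fragment'])) { $out .= '#' . $p['fragment']; }
    return $out;
}

// Returns the local user id bound to a verified identifier, or null if none.
function find_user(PDO $db, string $verifiedId): ?int {
    $q = $db->prepare('SELECT user_id FROM openid_identity WHERE identifier = ? AND realm = ?');
    $q->execute([canonical_identifier($verifiedId), OPENID_REALM]);
    $id = $q->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Bind an identifier to an account; call only for a user who is already
// signed in to that account (or is creating it in this request).
function link_user(PDO $db, string $verifiedId, int $userId): void {
    $db->prepare('INSERT INTO openid_identity (identifier, realm, user_id) VALUES (?, ?, ?)')
       ->execute([canonical_identifier($verifiedId), OPENID_REALM, $userId]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE openid_identity (identifier TEXT NOT NULL, realm TEXT NOT NULL,
           user_id INTEGER NOT NULL, UNIQUE (identifier, realm))');

link_user($db, 'HTTPS://Alice.OpenID.example:443', 7);             // first login
var_dump(find_user($db, 'https://alice.openid.example/'));         // same user, later login
var_dump(find_user($db, 'https://alice.openid.example/?id=Abc'));  // a different identifier
```

The `UNIQUE (identifier, realm)` constraint keeps one identifier from being bound to two accounts, and recording the realm makes it visible which rows would stop matching if the site's realm ever changed.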