tags:

views:

248

answers:

3
+2  Q: 

OpenID login workflow?

When someone logs into a site using Open ID, what goes on behind the scene?

can someone explain to me the work flow/steps of what happens during a typical login from a partner open ID site? (like this site)

i.e. when I login at myopenid, what is passed into this site? how does SO know it was a correct login?

+4  A: 

Jeff Atwood posted a good overview of it here

ranomore  2008-09-16 03:07:21
A: 

Also check out the Logging In section of the OpenID wikipedia entry. (You've probably already read it if you were following links in Jeff's article). :)

ranomore  2008-09-16 03:18:47
+2  A: 

What is OpenId?

OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman) and realizes that people are already creating identities for themselves whether it be at their blog, photostream, profile page, etc. With OpenID you can easily transform one of these existing URIs into an account which can be used at sites which support OpenID logins.

OpenId

Difference between OpenId and conventional authentification form?

The difference it's that the identification will be decentralized to an external site (example Wordpress, yahoo...). The website will know that the identification is ok or not and let you loggin.Conventional authentification form do a comparison to their private database and let you loggin or not. You can only use the loggin-password to this website. With openId you can use the same loggin-password on multiple website.

How it works?

Steps

  1. User connect to OpenID enabled website.
  2. User enter credential information.
  3. A Post is made with a BASE64 (website to provider)
  4. An answer is built (that contain expiration)
  5. The website redirect the user to the provider to login.
  6. User enter password and submit.
  7. Verification is done.
  8. Login!

I wrote this answer for this question but this one is more old, so I pasted my answer over here.

Daok  2008-12-09 19:39:46

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?