How safe is openID?
Is this something that can be used for highly secure information or should it be bypassed for a single site authentication system? This may be a stupid question (as it does not sound secure) but I would like some advice. ...
Is this something that can be used for highly secure information or should it be bypassed for a single site authentication system? This may be a stupid question (as it does not sound secure) but I would like some advice. ...
I am getting the following error on my website: Error importing openid store django_authopenid.openid_store: "No ElementTree library found. You may need to install one. Tried importing ['lxml.etree', 'xml.etree.cElementTree', 'xml.etree.ElementTree', 'cElementTree', 'elementtree.ElementTree']" i have commented all the django openid co...
Are OpenID Identity URLs considered sensitive information? For example, is it safe to store plain text OpenID Identity URLs in a DB or whatnot? I can't think of any reason that you shouldn't... but damn am I good at being wrong sometimes! ...
I have an existing website that I want to turn into an OpenID provider. All my user accounts are stored in a mysql table. I figured since an OpenID is represented as a URL, I am going to do something like: http://login.mydomain.com/username I've setup a subdomain, and created an htaccess that redirects all URLs to /login.php?username=[...
I have an application that will accept both Facebook and Yahoo registrations as well as normal registration (providing username, email, password). I'm confused on the Facebook and Yahoo side of the registration. The scenario is, upon clicking the Facebook/Yahoo registration links, users will be redirected to the provider's site for logi...
I'm building an ASP.NET MVC site where I want to use DotNetOpenAuth to implement OpenID login (I'm completely dropping username/password-based login). So far, I've been writing my code for the default username/password system with the ASP.NET Membership Provider, utilizing the roles system, the profile system, and the basic registration...
It could be a useful resource - website-reference, listing all the OpenID providers along with the features they support - SREG and/or AX, PAPE policies, etc. Are there any? ...
i am wanting to create an open id login, i am wondering if i use one of the classes from Creating an OpenID Login widget, like openid selector library or openid real selector. btw, is realselector newer/better, since its a rewrite of openid selector library is there a getting started tutorial? i see that in both i can easily login using...
Usually when I try OpenID login in immediate mode and it fails, I get a response setup_needed along with the setup_url field, which I can then use to redirect user to login page. But in the case of Google, setup_url returns blank. Why is this so? How and where do I redirect the user then? I use Janrain's OpenID Enabled library: http://w...
Hi, I previously asked a question about using app engine's remote_api with openID, and the answer worked well, both securely and insecurely. At some point soon after, however, something in app engine changed, and the solution no longer worked securely - i.e. the following remote_api_stub.ConfigureRemoteDatastore(app_id=app_id, path='/...
i have done a very simple setup with a test myopenid account require_once "Zend/OpenID/Consumer.php"; $openid_id = "http://testphp.myopenid.com/"; $consumer = new Zend_OpenId_Consumer(); if (!$consumer->login($openid_id, "http://localhost/php/openid/oid_return.php")) { die("failed"); } echo "OK"; when i try to use Google OpenID (...
Hi, I'm looking for a good (Or at least working) implementation of OpenID in erlang. I've looked at several different solutions, but non of them are working 100%. ...
My hoster has refused installs python-openid module motivated by the fact that its not reasonably safe. "This package works as a Web server, which listens to its port on a virtual server." Is it true? ...
I'm managing the implementation of Single Sign-On functionality into a suite of websites and want to create the best possible solution for our users. I would prefer that each user get a Profile Page that has the URL format: http://website/<username> But I also need to deliver content from that location, for example: http://web...
I am looking for an already completed openid login library that I can just 'plug' into my application and allow for access using any of the openid, facebook, twitter, methods that you would see on many well accessible websites. An example would be Woot.com's login: https://account.woot.com/login?returnurl=http%3a%2f%2fwoot.com%2fdefaul...
I have recently implemented Google and Yahoo's OpenID endpoints into my authentication system on my site so that users can avoid creating an account on my site. Pretty common practice, right? I have a specific question though, but first a little background information. When I get through the three-legged authentication I used Attribute...
how to integrate yahoo openid in a website. ...
I'm getting confused. I was able to make openid login kinda work using LightOpenID. All I get doing that is just an openid_identity such as "https://www.google.com/accounts/o8/id?id=xxx". Pretty disappointing: I was expecting to get the email address too. i.e. I need to login (that's what openid does) and to know the email address of ...
I am trying to implement an own OpenID endpoint based on SMF user accounts. I based my code on phpMyOpenID and some SMF authorization code. It works fine so far. I can use the endpoint to login/register on any site. If I am not logged in on the SMF, it will ask for my login and if that SMF login is successful, it accepts it. However, i...
I am planning is an OpenID client in a multiplayer network C++ game. The hoster will have the option to allow only logins from people who can authenticate via OpenID. Also I want to make it possible to allow only certain people to login. We already have some simple HTML viewer in our code (and we plan to migrate to WebKit), so displayin...