How safe is openID?
Is this something that can be used for highly secure information or should it be bypassed for a single site authentication system? This may be a stupid question (as it does not sound secure) but I would like some advice. ...
openid
django django_authopenid.openid_store error in apache
I am getting the following error on my website: Error importing openid store django_authopenid.openid_store: "No ElementTree library found. You may need to install one. Tried importing ['lxml.etree', 'xml.etree.cElementTree', 'xml.etree.ElementTree', 'cElementTree', 'elementtree.ElementTree']" i have commented all the django openid co...
Are OpenID Identity URLs sensitive information?
Are OpenID Identity URLs considered sensitive information? For example, is it safe to store plain text OpenID Identity URLs in a DB or whatnot? I can't think of any reason that you shouldn't... but damn am I good at being wrong sometimes! ...
Creating a OpenID Provider in PHP
I have an existing website that I want to turn into an OpenID provider. All my user accounts are stored in a mysql table. I figured since an OpenID is represented as a URL, I am going to do something like: http://login.mydomain.com/username I've setup a subdomain, and created an htaccess that redirects all URLs to /login.php?username=[...
Need help in registration/sign-up (OAuth/OpenId with Facebook and Yahoo) and sign in
I have an application that will accept both Facebook and Yahoo registrations as well as normal registration (providing username, email, password). I'm confused on the Facebook and Yahoo side of the registration. The scenario is, upon clicking the Facebook/Yahoo registration links, users will be redirected to the provider's site for logi...
Using OpenID (via DotNetOpenAuth) along with user roles and other Membership Provider features in ASP.NET MVC
I'm building an ASP.NET MVC site where I want to use DotNetOpenAuth to implement OpenID login (I'm completely dropping username/password-based login). So far, I've been writing my code for the default username/password system with the ASP.NET Membership Provider, utilizing the roles system, the profile system, and the basic registration...
Is there anywhere a reference of all OpenID providers that support SREG or AX?
It could be a useful resource - website-reference, listing all the OpenID providers along with the features they support - SREG and/or AX, PAPE policies, etc. Are there any? ...
How do i create an OpenID login form
i am wanting to create an open id login, i am wondering if i use one of the classes from Creating an OpenID Login widget, like openid selector library or openid real selector. btw, is realselector newer/better, since its a rewrite of openid selector library is there a getting started tutorial? i see that in both i can easily login using...
Google OpenID problem: setup_needed and blank setup_url
Usually when I try OpenID login in immediate mode and it fails, I get a response setup_needed along with the setup_url field, which I can then use to redirect user to login page. But in the case of Google, setup_url returns blank. Why is this so? How and where do I redirect the user then? I use Janrain's OpenID Enabled library: http://w...
Secure remote_api in app engine with OpenID
Hi, I previously asked a question about using app engine's remote_api with openID, and the answer worked well, both securely and insecurely. At some point soon after, however, something in app engine changed, and the solution no longer worked securely - i.e. the following remote_api_stub.ConfigureRemoteDatastore(app_id=app_id, path='/...
Zend_OpenId and Google login
i have done a very simple setup with a test myopenid account require_once "Zend/OpenID/Consumer.php"; $openid_id = "http://testphp.myopenid.com/"; $consumer = new Zend_OpenId_Consumer(); if (!$consumer->login($openid_id, "http://localhost/php/openid/oid_return.php")) { die("failed"); } echo "OK"; when i try to use Google OpenID (...
A good OpenID implementation in Erlang?
Hi, I'm looking for a good (Or at least working) implementation of OpenID in erlang. I've looked at several different solutions, but non of them are working 100%. ...
Is python-openid not reasonably safe?
My hoster has refused installs python-openid module motivated by the fact that its not reasonably safe. "This package works as a Web server, which listens to its port on a virtual server." Is it true? ...
Distinguishing User Profile Pages from Content Pages
I'm managing the implementation of Single Sign-On functionality into a suite of websites and want to create the best possible solution for our users. I would prefer that each user get a Profile Page that has the URL format: http://website/<username> But I also need to deliver content from that location, for example: http://web...
PHP OpenID Library that allows facebook / openid / twitter, etc;
I am looking for an already completed openid login library that I can just 'plug' into my application and allow for access using any of the openid, facebook, twitter, methods that you would see on many well accessible websites. An example would be Woot.com's login: https://account.woot.com/login?returnurl=http%3a%2f%2fwoot.com%2fdefaul...
Using OpenID with an existing website login sytem
I have recently implemented Google and Yahoo's OpenID endpoints into my authentication system on my site so that users can avoid creating an account on my site. Pretty common practice, right? I have a specific question though, but first a little background information. When I get through the three-legged authentication I used Attribute...
integrate yahoo open id in a website
how to integrate yahoo openid in a website. ...
Getting a gmail address with... openid? oauth?
I'm getting confused. I was able to make openid login kinda work using LightOpenID. All I get doing that is just an openid_identity such as "https://www.google.com/accounts/o8/id?id=xxx". Pretty disappointing: I was expecting to get the email address too. i.e. I need to login (that's what openid does) and to know the email address of ...
how does OpenID differ between different logins on the same OpenID endpoint
I am trying to implement an own OpenID endpoint based on SMF user accounts. I based my code on phpMyOpenID and some SMF authorization code. It works fine so far. I can use the endpoint to login/register on any site. If I am not logged in on the SMF, it will ask for my login and if that SMF login is successful, it accepts it. However, i...
OpenID authentication in C++ multiplayer network game
I am planning is an OpenID client in a multiplayer network C++ game. The hoster will have the option to allow only logins from people who can authenticate via OpenID. Also I want to make it possible to allow only certain people to login. We already have some simple HTML viewer in our code (and we plan to migrate to WebKit), so displayin...