ChatGPT解决这个技术问题 Extra ChatGPT

OpenID vs. OAuth [duplicate]

This question already has answers here: Closed 10 years ago.

Possible Duplicate: What's the difference between OpenID and OAuth?

What is really the difference between OpenID and oAuth? They look just the same to me.

I should clarify, I'm planning to use them in drupal, if that makes any difference. So I guess I'm bound by whatever module implementations are available in drupal.


佚名

OpenID is a way to specify one identity for multiple sites so you don't need to register over and over again.

OAuth is a way to allow one application access to one account without giving said application your account login information. You can use them in conjunction.

More info: OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing


i like this response more than the one marked as the answer. anybody else?
Due to vote count difference Mark got a nice badge for it. That's for sure. :)
@Mark: So it is now. I upvoted accepted one up (and yours as well). Should be a badge now.
Me too, I upvoted you, I think this is a really good summary
The About from the official OAuth site is very helpful. Didn't think it was worthy of another answer, but definitely a nice mention.
D
Dorian

If you have an account (with some private resources) in a website, you can log in with username/password couple. If an application would like to get some private resources, and if you don't want to give them your username/password, use OAuth.

But if you want to log in into multiple websites with a unique account, use OpenID.

(Some websites use OAuth like OpenID, and OpenID can be use like OAuth if you have some private stuff in your OpenID account)


Just comprised all the information got. Hope this OpenID & OAuth is useful.
g
gmoore

OpenID = using login credentials from an OpenID provider (Google) to login to another application (Stack Overflow)

OAuth = Allowing an application (TwitPic) to act on your behalf to and access information from an application that you use (Twitter).

They can be used in conjunction with each other.


Is'nt that the case that Stack Overflow or other websites that belong to stackoverflow like serverfault use OAuth for new user signup using google or facebook and OpenID for signup using other website of their domain like serverfault or askubuntu. In OAuth we can restrict what information is flowing from authentication party(facebook) to service provider(stackoverflow). In OpenID we simply give a certificate symbolizing the person as legal and give access to whole database. Since stackoverflow or askubuntu belong to same domain they can exchange certificates with full access to user databases.
O
Oli

OpenID is purely* for multi-site authentication with a single set of credentials.

OAuth is for letting applications access each other securely: data sharing. Think of it as setting a bond of trust between two things, eg allowing your flickr account to post things on your facebook wall or hooking your flickr photos into a third-party printing website.

OAuth isn't just about site-to-site. You can link in desktop applications with no real concept of "identity" to an identity-driven site like Facebook or twitter (eg a twitter client being able to post to your feed without having to store your login details).

There are similarities but OAuth is really all about the service-to-service links.


L
Landon Poch

OpenID is about authentication to many sites with one username. OAuth is about authorization - site A has permission to call site B's api.

Here's another good article/analogy explaining the differences: http://www.dotnetopenauth.net/about/about-oauth/


site A has permission to call site B's api. That cleared it for me. Thanks a ton.
Also, if I want users visiting my site to signup for my website by signing into Google, then storing a hash of their email ID against all their activities for accounting reasons, I'd be using... OpenID, right?
@ronnieaka OpenID would work just fine for that.
alrighty. thanks! this was a big doubt.