What we’ll cover
• What is OpenID and OAuth?
• Where and why are these used?
• “In the wild” examples.
• Source code examples.
What is OpenID?
• OpenID is about verifying identity (authenticating).
• Prevents users from having to maintain multiple identities with websites/electronic systems.
Who uses OpenID?
• You probably already have an OpenID.
• Most of the major web players have an implementation.
• You can provide your own implementation.
How does OpenID Work?
1. What’s your OpenID?
2. User enters OpenID.
3. Request the OpenID Provider page.
4. Provider returns page with openid.server and, optionally, openid.delegate.
5. Build URL and make request to OpenID server.
6. OpenID server presents login screen.
7. User provides credentials.
8. OpenID server asks user to authorize use.
9. User responds to authorization request.
10. User redirected to success or failure URL.
11. Appropriate page is rendered depending on success or failure.
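Steps 4 and 5 from the relying party's side, as an added example that is not from the original slides: it reads the openid.server and openid.delegate links out of the returned page, rejects an unusable endpoint or a return URL outside the site's own root, and builds the redirect URL. Assumptions: the query parameter names (openid.mode, openid.identity, openid.return_to, openid.trust_root) are taken from the OpenID 1.1 specification, and the hosts, the sample page and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit

# Constructed sample of the page returned for a user's OpenID URL (step 4).
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="https://provider.example/auth">
<link rel="openid.delegate" href="https://provider.example/users/alice">
</head><body>Alice's page</body></html>"""

class _LinkFinder(HTMLParser):
    """Collects the href of <link rel="openid.server|openid.delegate"> tags."""
    def __init__(self):
        super().__init__()
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = dict(attrs)
        href = attr.get("href")
        # rel may carry several space-separated tokens; first match wins
        for rel in (attr.get("rel") or "").lower().split():
            if rel in ("openid.server", "openid.delegate") and href:
                self.found.setdefault(rel, href)

def discover(html):
    """Return (server, delegate-or-None); refuse pages without a usable server."""
    finder = _LinkFinder()
    finder.feed(html)
    server = finder.found.get("openid.server")
    if not server or urlsplit(server).scheme not in ("http", "https"):
        raise ValueError("no usable openid.server link")
    return server, finder.found.get("openid.delegate")

def build_auth_url(claimed_id, html, return_to, trust_root):
    """Step 5: URL the user's browser is sent to at the OpenID server."""
    server, delegate = discover(html)
    # The success/failure URL must belong to the site asking for the login.
    if not return_to.startswith(trust_root):
        raise ValueError("return_to must be under trust_root")
    params = {
        "openid.mode": "checkid_setup",
        "openid.identity": delegate or claimed_id,  # delegate wins if present
        "openid.return_to": return_to,
        "openid.trust_root": trust_root,
    }
    sep = "&" if urlsplit(server).query else "?"
    return server + sep + urlencode(params)
```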
What is OAuth?
• OAuth is about authorizing 3rd party sites to access user information.
• Allows sharing of user data with other systems without providing credentials to the other systems.