Questions tagged [openid]

OpenID is an open standard that describes how users can be authenticated in a decentralized manner. It allows the user to use an existing account to sign in to multiple websites, without needing to create new passwords.

OpenID is an open standard that describes how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities. Users may create accounts with their preferred OpenID identity providers, and then use those accounts as the basis for signing on to any website which accepts OpenID authentication.

- Wikipedia

3669 questions
60 votes, 5 answers

Securely Storing OpenID identifiers and OAuth tokens

I am creating a web app that will use OpenID logins and OAuth tokens with Youtube. I am currently storing the OpenID identity and OAuth token/token secret in plain text in the database. Is it inappropriate to store these values as plain text? I…
Matt McCormick
57 votes, 17 answers

What reasons are there NOT to use OpenID?

You see a fair bit (in the Geek community anyway) about OpenID. It seems like a good idea. I'm developing a website that will be targeted at a somewhat less geeky audience (but not quite Mom and Pops either) so I have to wonder if OpenID is going…
cletus
57 votes, 4 answers

IdentityServer Flows

IdentityServer supports different OpenId Connect flows that are defined in the Flows enum and set for clients. There's also samples for each type of flow and many references to them in the docs but I could not find a simple definition list of what…
51 votes, 15 answers

What is the benefit of using ONLY OpenID authentication on a site?

From my experience with OpenID, I see a number of significant downsides: Adds a Single Point of Failure to the site. It is not a failure that can be fixed by the site even if detected. If the OpenID provider is down for three days, what recourse…
Peter
49 votes, 2 answers

What is the difference between id_token and access_token in Auth0

In Auth0 you can use refresh tokens. In this link, we can see many returned parameters: lock.showSignin({ authParams: { scope: 'openid offline_access' } }, function (err, profile, id_token, access_token, state, refresh_token) { // store…
Scott Coates
46 votes, 2 answers

Best OpenId API for ASP.NET MVC application

I am developing an ASP.NET MVC application and I want to use OpenId. What is the best option? DotNetOpenId, RPX, Other??? Does anyone know what StackOverflow uses? Is the Login UI custom-developed, or provided by an API/service?
Jedi Master Spooky
43 votes, 8 answers

Authentication for REST web services

I'm starting to design a REST web service, and am unclear on the best approach to authentication. The service will allow individual users to access/manage their own data, so some type of user authentication is required. I've been looking at these…
user2943799
42 votes, 3 answers

Best way to implement Single-Sign-On with all major providers?

I already did a lot of research on this topic and have implemented a lot of solutions myself. Including OpenID, Facebook Connect (using the old Rest API and the new Graph OAuth 2.0 API), Sign in with twitter (which has been upgraded to fully…
The Surrican
42 votes, 1 answer

Secure remote_api in app engine with OpenID

I previously asked a question about using app engine's remote_api with openID, and the answer worked well, both securely and insecurely. At some point soon after, however, something in app engine changed, and the solution no longer worked securely…
hawkett
41 votes, 7 answers

How do you develop against OpenID locally

I'm developing a website (in Django) that uses OpenID to authenticate users. As I'm currently only running on my local machine I can't authenticate using one of the OpenID providers on the web. So I figure I need to run a local OpenID server that…
d4nt
40 votes, 2 answers

How to add Social login services from Google, Facebook, Yahoo etc. to my website?

I want to add the following buttons to my website for providing users with option to login using more services like Google, Facebook etc. Please answer the following questions: How can I add various services like this free of cost? (Please note…
sumit
38 votes, 4 answers

oAuth ASP.NET Membership Provider

Are there any recommended resources for implementing a custom membership provider that uses oAuth? The goal would be to have users log into my ASP.NET MVC application using their existing oAuth credentials. After the user is authenticated, I'd…
Eric Tobia
36 votes, 4 answers

IDX10501: Signature validation failed. Unable to match keys

Please help me to understand the difference between JWT token validation from the ASP netcore application and the netcore Kestrel hosted application. There are two applications that verify the token using source code like below: public static…
oleksa
36 votes, 8 answers

google account logout and redirect

I am using openid to log the user in (google account only). Now I have a sign out link in my page, which on clicking, I want the user to be logged out of google accounts and the page to be redirected to my home page. Can this be done…
Shrinath
35 votes, 2 answers

OpenID: Trying to Get Email Address from Google OP

I’m using dotnetopenauth 3.2 to implement Openid and can’t figure out how to get Google to pass the email address in the Claims Response. I know that Google doesn’t support simple registration, but I can’t determine what they do support. Caveat…
Zaffiro