发表新帖
发表新帖

OpenID: is the identifier URL unique? what are the differences between the identifiers

前端 未结
关注
3 956
温柔的废话
温柔的废话 2021-02-07 09:52

In the OpenID specs, it says:

  • Identifier:

An Identifier is just a URL. The whole flow of the OpenID Authentication protocol is about prov

3条回答
  • 轻奢々
    轻奢々 (楼主)
    2021-02-07 10:36

    And what is the purpose of https://www.google.com/accounts/o8/id?id=AltOawk...? Is that really unique and always the same for my Google account? So that URL is what identifies me?

    If I've understood everything correctly, the answer is "Yes it is!"

    Why haven't they used https://www.google.com/accounts/o8/id?u={google-username} instead of this cryptic ...?id=AltOawk...?

    I guess they want to be safe for future changes to your account, if you for example (now or in the future) would be able to change your username, then you would probably like that to be reflected in your OpenId-claimed-identifier as well - but then you would be in trouble! all your registrations for your old claimed identifier would not be assessible. Read more here: http://wiki.openid.net/w/page/12995200/OpenID-Security-Best-Practices and here: http://blog.nerdbank.net/2008/07/case-for-case-sensitive-openid-url.html

    0 讨论(0)
 看不清?
提交回复
热议问题