发表新帖
发表新帖

OAuth? ,OpenID? Neither? Which one should my site support?

前端 未结
关注
8 608
别那么骄傲
别那么骄傲 2020-12-24 02:42

I working on a new website and wanted some advice/feedback on OAuth vs OpenID vs Standard site owned username/password.

相关标签:
8条回答
  • 梦毁少年i
    2020-12-24 03:14

    I am in favor of supporting integrating user authorization using OpenID, Facebook and any other authenticators out there. Give the user a choice.

    ALSO give them the option of not using them. Particularly in adult oriented websites your users may choose not to go with something that isn't as anonymous as a simple sign up to your website. Just use best practices when it comes to storing passwords.

    0 讨论(0)
  • 滥情空心
    2020-12-24 03:20

    Keep in mind that even if your site doesn't need to access your users' private data on other sites, OAuth may still apply if you site has data that users may want to access either through an API or from another web site. With OAuth, either end or both might apply to your site.

    0 讨论(0)
  • 孤街浪徒
    2020-12-24 03:28

    My impression of OAuth is that it's more for allowing secure, authenticated access to an API rather than for general user access.

    Personally, I'd love to see more sites support OpenID.

    0 讨论(0)
  • 天涯浪人
    2020-12-24 03:28

    Here is the brilliantly clear explanation. Coming directly from the OAuth documentation.

    0 讨论(0)
  • 谎友^
    2020-12-24 03:33

    You may want to read this article by Malcom Tredinnick which explains what openid and oauth are, and do. They serve different purposes.

    In summary, openid would be used to uniquely identify users - it's an identity solution. oAuth would provide a means to interact with data that your site's users have access to by allowing the user to grant your site temporary access to external services, their flickr account, for example - it's an authorization tool.

    Offering only the standard site-specific account is always an option, of course but IMHO, supporting openid is better for your users and for the web. Many sites that implement openid allow users to use an openid if they have one, but also allow users to sign in and create accounts without openid as well. So, it's not necessarily an either/or proposition. You can do both!

    0 讨论(0)
  • 忘掉有多难
    2020-12-24 03:34

    You can combine all of them and get the best out of it, but it depends on your design choices.

    For example if you are using Java, you can configure Acegi(Spring Security) to allow openID along with your normal authentication mechanism.

    openID has OAuth extensions

    OAuth has openID extensions

    It's up to you...

    0 讨论(0)
 看不清?
提交回复
热议问题