问题
I'm just wondering if all I need is the identity url in order to to theoretically attach an OpenID account to a user's account.
I have identity urls that look like the following: https://www.google.com/accounts/o8/id?id=YGnyuGHMUmhUI98nuhUMhu98nuN.
Is this different between OpenID 1.0 and 2.0?
Just in case someone asks: I'm using Django + django-openid-consumer
Thanks guys =)
回答1:
All you need to bind to a user account is the "Claimed Identifier" which is what the sample URL you provided is called. OpenID 1.x and 2.0 have a handful of URLs it deals with, including "openid.identity" and "openid.claimed_id" values. It is very important that you're reading from the property that gives you openid.claimed_id rather than openid.identity when storing the value with the user account. In the case of Google as you showed, the same value is put into both parameters so it's hard to know for sure whether you're getting the right thing from the OpenID library you're using.
Just review what Django offers to you, and if you see anything that looks like claimed_id, use that.
来源:https://stackoverflow.com/questions/3363781/is-all-i-need-the-identity-url-openid