现在，OpenID Connect委托Google弃用了他们的OpenID2提供程序吗? [英] OpenID Connect delegation with Google now that they are deprecating their OpenID2 provider?

问题描述

多年来，我一直使用OpenID委派以自己的URI作为OpenID登录到Stack Overflow(以及其他站点)，但由Google处理身份验证.我使用此堆栈溢出问题中所述的技术；因此，我的自定义OpenID http://tupelo-schneck.org/robert 解析为包含以下内容的HTML页面这个:

For years I have used OpenID delegation to log in to Stack Overflow (among other sites) using my own URI as OpenID but having Google handle the authentication. I use the technique described in this Stack Overflow question; so, my custom OpenID http://tupelo-schneck.org/robert resolves to an HTML page containing this:

<link href="https://www.google.com/accounts/o8/ud" rel="openid2.provider" />
<link href="https://www.google.com/profiles/schneck" rel="openid2.local_id" />  

但是，现在，我已经登录到Stack Overflow，并让Google告诉我"重要通知: Google帐户的OpenID2将于2015年4月20日停用.此页面说明Google已弃用OpenID 2.0，开发人员应将其应用迁移到OpenID Connect

Now, however, I have logged into Stack Overflow and had Google tell me "Important notice: OpenID2 for Google accounts is going away on April 20, 2015. Learn more." This page explains that Google has deprecated OpenID 2.0 and developers should migrate their apps to OpenID Connect.

我可以继续使用自定义URI进行OpenID登录，但委托给Google的OpenID Connect提供程序进行身份验证吗?怎么样?

Can I continue to use a custom URI for OpenID login, but delegate to Google's OpenID Connect provider for authentication? How?

推荐答案

仅Openem Connect 支持发现功能，该发现功能旨在根据您提供的一些提示查找您的提供商(电子邮件，帐户，URL，域等)；它不会为您提供永久标识符，您可以针对该标识符委托到您选择的可配置提供程序.

OpenID Connect only supports Discovery that is meant to find your Provider based on some hint you give it (e-mail, account, URL, domain etc.); it won't give you a persistent identifier for which you can delegate authentication to a configurable Provider of your choice.

因此，如果您只想使用自定义URI查找提供者，则可以使用Nat给出的方法(除了Google不会也不能做的最后一点，并假设SO支持Discovery).

So if you only want to use a custom URI to find your provider, you can use the approach that Nat gave (except for the last bit that Google does not and can not do and assuming that SO supports Discovery).

但是，如果您想要真正的委派，以便RP可以使用由OP返回的标识符，该标识符在您委派给的不同OP上持久存在，那么您就不能这样做.

But if you want true delegation, so that RPs can use an identifier returned by the OP that is persistent over different OPs that you delegate to, then you can't.

对于StackOverflow，您可能不需要其中之一:SO使用其自己的主要标识符/帐户，并且您可以将多个帐户(包括Google的帐户/帐户)关联到该帐户.只有当SO将您的自定义URI用作其主要标识符时，您才会遇到问题.在这种情况下，没有问题，您可以:

For StackOverflow you probably don't need either one of those: SO uses its own primary identifier/account and you can link several accounts to that, including Google's. Only if SO would have used your custom URI as its primary identifier you would have had a problem. In this case there's no problem and you can:

1. 使用Google登录按钮，或
2. 假设您已经实现了发现，请在OpenID URL输入框中键入您的自定义URI

但是1.和2.确实产生了相同的结果:他们发现发现Google是您要进行身份验证的地方.

But both 1. and 2. really yield the same result: they find out that Google is where you want to authenticate.

这篇关于现在，OpenID Connect委托Google弃用了他们的OpenID2提供程序吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！