如何OpenID身份验证的工作? [英] How does OpenID authentication work?
问题描述
我有点好奇,想知道如何验证工作的OpenID
有哪些网站只使用自己的OpenID认证和认证有什么区别?
什么是OpenID?
OpenID是一个开放的,分散 免费作为以用户为中心的数字身份的框架。 OpenID的需要已经存在的互联网技术(URI,HTTP,SSL的Diffie-Hellman)的优势,并意识到人们已经创造了自己的身份,无论是在他们的博客,照片流,个人资料页,等有了OpenID的您可以轻松地将一种这些现有的URI到一个帐户,它可以在网站上使用其支持OpenID登录的。
块引用>OpenID和传统的鉴别形式之间的区别?
不同的是,该识别将被分散到外部站点(例如字preSS,雅虎,...)。该网站将知道的鉴定是否OK,让你登录。传统的网站进行身份验证,在专用数据库中保存的数据进行比较,所以你的用户名和密码可以用来登录仅此网站。使用OpenID,您可以使用在多个网站上相同的凭据。
它是如何工作?
步骤
- 用户连接到支持OpenID的网站。
- 用户输入凭证信息。
- 系统自检与BASE64作出(网站提供)
- 一个答案是建(包含过期)
- 网站将用户重定向到提供者登录。
- 用户输入密码并提交。
- 验证完成。
- 登录!
I am a little curious to know about how OpenID authentication works.
Is there any difference between OpenID authentication and the authentication which sites use exclusively for themselves?
解决方案What is OpenID?
OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman) and realizes that people are already creating identities for themselves whether it be at their blog, photostream, profile page, etc. With OpenID you can easily transform one of these existing URIs into an account which can be used at sites which support OpenID logins.
Difference between OpenID and conventional authentification form?
The difference is that the identification will be decentralized to an external site (for example Wordpress, Yahoo, ...). The website will know whether or not the identification is OK and let you login. Conventional website authentication performs a comparison with data held in a private database, so your username and password can be used to login to this website only. With OpenID you can use the same credentials on multiple websites.
How it works?
- You can see the Flow of operation here (image)
- Step-by-step activities here
- Step-by-step activities here (other blog)
Steps
- User connects to OpenID enabled website.
- User enters credential information.
- A POST is made with a BASE64 (website to provider)
- An answer is built (that contains expiration)
- The website redirects the user to the provider to login.
- User enters password and submit.
- Verification is done.
- Login!
这篇关于如何OpenID身份验证的工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!