OpenID如何在同一OpenID端点上的不同登录之间有所不同 [英] how does OpenID differ between different logins on the same OpenID endpoint

问题描述

我想根据 SMF 用户帐户实施自己的OpenID端点。我基于我的代码在phpMyOpenID和一些SMF授权代码。

它工作正常到目前为止。我可以使用端点在任何网站上登录/注册。如果我没有登录SMF，它将要求我的登录，如果SMF登录成功，它接受它。

但是，似乎它没有不同的SMF登录不同。也就是说另一个用户报告他试图在站点X上使用端点，用他的SMF帐户登录，并登录在我的用户帐户上的站点X（我已经在该网站上注册了OpenID端点）。

我想我必须以某种方式发送SMF登录信息，或者使其在每个SMF登录时有所不同。因为它可能是微不足道的我要做的，我想我会问这里SO - 也许还有更多的东西，我需要修复。

代码（只是PHP），如果你想看看，在这里：
http：/ /github.com/albertz/smf-openid-server

或者也许只是描述我需要做什么，使它对于每个SMF登录都是唯一的。 / p>

我计划的另一个项目是多人C ++游戏中的OpenID客户端。主持人将有选项允许只能通过OpenID进行身份验证的用户登录。另外，我想让它可能只允许某些人登录。基于OpenID登录获取唯一字符串的常见方法是什么？在这种情况下，我想到了 http：// {smf-openid-endpoint} / {smf-user} 或 http：// www.google.de/profiles/{google-user} 。

我认为这个问题可能与我的主要问题相关，这就是为什么我把它放在这里。 / p>

---

另请参阅相关问题：标识符URL是唯一的吗？

解决方案

似乎我最终得到的第一个请求是 checkid_setup 。在该响应中，我可以在 openid.identity 字段中指定唯一的网址（我在我的问题中称为唯一字符串 p>

我现在在我的代码，这似乎工作。也就是说我可以输入一般的OpenID端点URL（例如在SourceForge上），它将按我在​​我的问题中建议的方式自动扩展。

回答我的第二个问题：似乎已验证的标识符URL本身是唯一的，因此可以使用。因此，这有时看起来神秘（例如在谷歌的情况下，它只是一些哈希）。因此，这可以在内部用于不同用户之间不同。对于图形表示，我可以显示真正的用户名或邮件地址，我也应该从OpenID身份验证。

I am trying to implement an own OpenID endpoint based on SMF user accounts. I based my code on phpMyOpenID and some SMF authorization code.

It works fine so far. I can use the endpoint to login/register on any site. If I am not logged in on the SMF, it will ask for my login and if that SMF login is successful, it accepts it.

However, it seems that it doesn't differ between different SMF logins. I.e. another user reported that he tried to use the endpoint on site X, logged in with his SMF account and landed on my user account on site X (I have registered the OpenID endpoint earlier on that site).

I guess I must send somehow the SMF login or make it somehow unique per SMF login. As it is probably trivial what I have to do, I thought I'd ask here on SO -- maybe there are also more things I need to fix.

The code (just PHP), if you want to take a look, is here: http://github.com/albertz/smf-openid-server

Or maybe just describe what I need to do to make it unique for each SMF login.

Another project I am planning is an OpenID client in a multiplayer C++ game. The hoster will have the option to allow only logins from people who can authenticate via OpenID. Also I want to make it possible to allow only certain people to login. What is a common way to get a unique string based on an OpenID login? In this case, I thought of something like http://{smf-openid-endpoint}/{smf-user} or http://www.google.de/profiles/{google-user}. What is a canonical way to get such a string?

I think this other question may be related to my main question, that is why I am putting it also here.

---

See also the related question: Is the identifier URL unique? What are the different terms?

解决方案

It seems the first request from the end user I am getting is checkid_setup. On that response, I can specify a unique URL (what I call the unique string in my question) in the openid.identity field.

I have done that in my code now and it seems to work. I.e. I can enter the general OpenID endpoint URL (for example on SourceForge) and it will extend it automatically in the way I have suggested in my question.

To answer my second question: It seems that the verified identifier URL itself is unique, so this could be used. Whereby this can sometimes look cryptic (for example in case of Google, it is just some hash). So this can be used internally to differ between different users. For the graphical representation, I can show the real username or the mail address which I also should get from the OpenID authentication.

这篇关于OpenID如何在同一OpenID端点上的不同登录之间有所不同的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！