Questions tagged [openid]

34 questions
31
votes
5 answers

is OpenID really that bad?

I have seen this question on Quora where lots of people seem to agree that OpenID is bad, even going as far as stating that: OpenID is the worst possible "solution" I have ever seen in my entire life to a problem that most people don't really…
DoPPler
  • 441
  • 4
  • 6
24
votes
4 answers

How should I architect a RESTful webservice to use 3rd party (i.e. Google, Facebook, Twitter) for authentication?

For my job we have a nice RESTful webservice we've built out that we use to drive a couple websites we have. Basically the webservice lets you create and work with support tickets, and the website is responsible for the front end. Any webservice…
Ralph Callaway
  • 373
  • 3
  • 8
11
votes
2 answers

Should an SPA use OIDC's Implicit flow or Auth Code flow?

We are developing a new Angular SPA which leverages Keycloak for its SSO abilities using OpenID Connect (OIDC). The app is currently designed to use the Implicit flow to retrieve short-lived access tokens via the Keycloak JS adapter. However,…
Eric B.
  • 1,229
  • 1
  • 9
  • 13
8
votes
1 answer

Using OpenID to log into multiple domains: Is this plan feasible?

For example: We're running two community sites on two domains (call them example.com and example.net). We want to be able to expand that to more domains later. We want to allow multiple types of login (OpenID, Facebook, Twitter, standard…
TRiG
  • 1,170
  • 1
  • 11
  • 21
7
votes
3 answers

Is caching Access Tokens on the back end of a Web Application a good idea? (access_token storage best practices)

Let's suppose we have a Web Application that uses an OpenID Connect service provider, the Web Application uses the Authorization Code flow to get access to a different API, and therefore gets an access_token and an id_token at the end of the…
Hamza
  • 89
  • 2
  • 6
6
votes
1 answer

Client generated JWT

I'm working with a 3rd party company who are providing an API along with an unusual security approach. The security approach is essentially using a JWT by itself (no oauth). What's odd is that they're expecting us (the client) to create the token…
fml
  • 517
  • 4
  • 15
6
votes
1 answer

Authentication for users on a Single Page App?

I have developed a single page app prototype that is using Backbone on the front end and going to consume from a thin RESTful API on the server for its data. Coming from heavy server side application development (php and python), I have really…
John H
  • 161
  • 2
5
votes
1 answer

OpenID implementation - PHP, Javascript, MySQL

I've started doing some research on the technologies that I will need for my website. I'm trying to implement a really simple website with OpenID user registration. The website will store a block of text for each user. I imagine this means that I…
Marc A.
  • 53
  • 3
5
votes
5 answers

Does anybody ever use the OpenId URL login?

As programmers I think we are the most inclined to use new technologies and things that are not so mainstream. I absolutely love OpenId's ability to log in with credentials you already have, but I always use a provider that I already use and that is…
4
votes
2 answers

Integration with multiple SSO's

Currently, we have a web app that integrates with SSO through the OpenID protocol. Then we got another client that has its own SSO and needs us to integrate with their SSO through the SAML protocol so their employees can authenticate and use our site, then…
Nabawoka
  • 49
  • 2
4
votes
1 answer

Multiple OAuth2 access_tokens on the same page

We have been tasked with implementing a dashboard containing multiple widgets. The dashboard itself and all widgets need to access various secured APIs. Our authorisation protocol is OpenID. Currently, the dashboard requests an access_token with all…
Oleg
  • 184
  • 6
3
votes
2 answers

Using Paypal (or similar) to log into my site?

I have a web site and I want to offer a few levels of service - one free, one for a one-off payment, and one for a subscription. My first inclination is to use Paypal for the payment options. I understand that I can make some login page on my site…
Paul Tomblin
  • 1,949
  • 1
  • 15
  • 19
2
votes
3 answers

OpenID and data espionage

This answer[link] to another question here talks about OpenID and data espionage. I quote: [Data espionage] Why let them gather the detailed statistics from many consumer site and help them build personal profiles of people? Who knows what…
sameold
  • 137
  • 4
2
votes
0 answers

Is it good practice to use the sub claim as the user_id in my app

The resources on the web I have seen so far suggest that the 'sub' claim in a JWT identifies the principal. According to this question, at least for some identity provider implementations, one cannot transfer sub values from one identity provider to…
coderobot
  • 21
  • 2
2
votes
1 answer

Chaining openID token

I'm working in microservices environment, where each service authenticates using OpenID Connect to an authentication service (local IdP), based on Users I keep locally on my Database. Now, I want these services to be able to authenticate using…
Nati
  • 79
  • 1
  • 7