On 6/27/08, Alex <[EMAIL PROTECTED]> wrote: > Hello, > > I have my own registration system where users can create accounts, but I > would also like to give them the option to use other types of logins, such > as OpenID, Gmail, etc. > > What would be the best way to represent something like that in the database? <snip> > I would then use my User class to map data from the different protocols > uniformely. > > Is there a better way to implement this? I know my discards foreign key > checks, which is not ideal...
Hi Alex, Create different authentication providers for each authority. So you have a local DB provider, an OpenID provider and possibly others for each authentication / authorization scenario. Then you have some logic that performs the external authentication (e.g. OpenID) if necessary, extract a canonical username from that auth context (preferably one that is qualified with a domain), search the local DB provider for the corresponding account and create one with information from the external provider if it does not already exist. Then you create a User object that represents the local account since that is where most of the application specific data will be. That's how I do it anyway and this is how many popular applications handle external authentication (conceptually anyway). It normalizes things which allows you to swap providers if desired without changing higher level code. I would not put anything in the DB regarding external providers. Mike -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/
