Hello, With this thread of using oAuth 2 for identity I am confused to which protocol should I use for a single sign-on solution that I need to implement.
Let me explain my case and see if anybody can clarify what is the best solution for me. I have one site, lets call it site A, that has many user accounts. I want to build another site, lets call it site B, but I do not want users with accounts in site A to create new accounts to access site B. They could just use the same account data from site A and use it in site B. In the future I may have sites C, D, etc.. I thought of creating an OpenID authentication server, lets call it OP, and migrate user account from site A to OP. When users go to site A or B and need to login, they are redirected via OpenID to OP for authentication. If successful, OP passes site A or B the account, personal name, nick name and e-mail when redirecting back to sites A or B, so those sites always have copies of that account information for imediate use. If the user updates one of those details in site A or B, they push the changes to OP and OP propagates the changes to the other site A or B that also has the same user account. >From the specifications that I read, OpenID and its extensions can be used the way I need. This will all be used only within my network sites. I do not intend to allow users to autheticate with external OpenID providers, nor I want other sites to use my OpenID provider to authenticate in other sites. Since this is meant for use restricted to my sites, I could invent a proprietary protocol, but I thought it was better to not reinvent the wheel. I will develop all the necessary components to implement the OpenID provider and consumers with the needed extensions. Actually the consumer component is mostly done. I was moving to the OpenID provider component when I noticed this thread of using oAuth 2 for identity. So now I wonder if I am in the right path? Shall I keep doing it with OpenID or shall I do it with oAuth 2? Can anybody please shed some light so I can make the best decision? -- Regards, Manuel Lemos Find and post PHP jobs http://www.phpclasses.org/jobs/ PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
