OAuth
lehha, 2017-10-12 10:47:43

Who changes identity in OpenID?

Colleagues,
when using OpenID to authenticate users over a long period of time, an interesting situation arises: providers periodically change the user's identity, and when you log in again, you cannot match it with the old account.
For example, earlier mail.ru issued
identity = http://my.mail.ru/mail/user/
and now
identity = https://my.mail.ru/mail/user/
Google:

identity = https://www.google.com/accounts/o8/id?id=xxxsecret

and now
identity = https://plus.google.com/1134263392342342341234

Yandex does not lag behind Google:
identity = http://openid.yandex.ru/user/
and now
identity = https://login.yandex.ru/1232414
So how do you identify a user automatically now? The e-mail field cannot be used, as it can be faked.
Whether the protocol is old or not, and maybe OAuth is cooler, what should be done with the current authorizations?
While compiling this investigation, I already thought of parsing the hostname out of the identity and comparing by it. Will Yandex later move to https://login.yandex/?
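
An added example, not part of the original post: it compares a stored identity with a newly presented one and shows what the hostname-only comparison considered above would accept. The allowlist, the function names and the sample identifiers are assumptions made for illustration; "relink-required" means the account cannot be matched automatically.

```python
from urllib.parse import urlsplit

# Assumption: providers whose only change was http -> https (mail.ru in the post).
SCHEME_UPGRADE_HOSTS = {"my.mail.ru"}

def _parts(identity):
    u = urlsplit(identity.strip())
    return (u.scheme.lower(), (u.hostname or "").lower(), u.port, u.path, u.query)

def hostname_only_match(stored, presented):
    """The hostname comparison considered in the post."""
    return _parts(stored)[1] == _parts(presented)[1]

def classify(stored, presented):
    """Return 'same', 'scheme-upgrade' or 'relink-required'."""
    s, p = _parts(stored), _parts(presented)
    if s == p:
        return "same"
    upgrade = (
        (s[0], p[0]) == ("http", "https")      # never accept a downgrade
        and s[1] == p[1] and s[1] in SCHEME_UPGRADE_HOSTS
        and s[2] is None and p[2] is None      # default ports only
        and s[3:] == p[3:]                     # identical path and query
    )
    return "scheme-upgrade" if upgrade else "relink-required"

# Constructed sample identifiers (not real accounts).
SAMPLES = [
    ("http://my.mail.ru/mail/alice/", "https://my.mail.ru/mail/alice/"),
    ("https://my.mail.ru/mail/alice/", "https://my.mail.ru/mail/bob/"),
    ("http://openid.yandex.ru/alice/", "https://login.yandex.ru/1232414"),
]

if __name__ == "__main__":
    for stored, presented in SAMPLES:
        print(classify(stored, presented),
              hostname_only_match(stored, presented), stored, "->", presented)
```

The second sample is the case to watch: two different users of one provider share a hostname, so a hostname-only comparison treats them as the same account.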
