Programming Social Applications by Jonathan LeBlanc

The OpenID Authentication Flow

Much like OAuth (which we explored in Chapter 9), OpenID maintains a standardized flow by which a user can authenticate on a third-party relying party site against an OpenID provider such as Yahoo! or Google.

There are three participants in the OpenID authentication flow that we will be working with and describing in this chapter:

The user

This is the end user who is attempting to sign in to a site or service using one of the OpenID providers.

The relying party

This is the OpenID consumer site that is implementing an OpenID provider login in order to allow users to authenticate their accounts.

The OpenID provider

This is the site or service that has the membership database that the relying party will authenticate against and through which the user will log in.

With that said, the OpenID authentication process will take us through four different steps, starting from when the user chooses which provider to use to sign in and ending with the authentication pass/fail returned by the provider when the user attempts to authenticate. These steps are:

  1. Request user login by passing an OpenID identifier URI.

  2. Perform discovery on the OpenID endpoint.

  3. Require the user to authenticate his account.

  4. Provide a pass/fail state based on the authentication.

Let’s break these down to see what happens between the user, relying party, and OpenID provider at each stage.
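The four steps as seen from the consumer (relying party) site, as an added Python sketch that is not code from the book. The `openid.*` parameter names come from the OpenID Authentication 2.0 specification rather than from this page, the function names are hypothetical, discovery (step 2) is represented by an endpoint URL passed in, and signature verification of the response is assumed to happen afterwards.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

OPENID_NS = "http://specs.openid.net/auth/2.0"

def normalize_identifier(user_input):
    """Step 1: turn what the user typed into an absolute URL identifier."""
    ident = user_input.strip()
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident
    parts = urlsplit(ident)
    if not parts.netloc:
        raise ValueError("not a usable OpenID identifier")
    # The fragment is dropped; an empty path becomes "/".
    return parts._replace(fragment="", path=parts.path or "/").geturl()

def build_auth_request(claimed_id, op_endpoint, return_to, realm):
    """Step 3: URL that redirects the user to the provider to log in.
    op_endpoint is the outcome of step 2 (discovery), supplied by the caller."""
    if not return_to.startswith(realm):
        raise ValueError("return_to must fall inside the realm")
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    sep = "&" if "?" in op_endpoint else "?"
    return op_endpoint + sep + urlencode(params)

def read_assertion(callback_url, expected_return_to, seen_nonces):
    """Step 4: classify the provider's response before trusting it."""
    query = parse_qs(urlsplit(callback_url).query)
    q = {k: v[0] for k, v in query.items()}
    mode = q.get("openid.mode")
    if mode != "id_res":                      # e.g. "cancel": user declined
        return ("fail", mode or "missing mode")
    if q.get("openid.return_to") != expected_return_to:
        return ("fail", "return_to mismatch")
    nonce = q.get("openid.response_nonce")
    if not nonce or nonce in seen_nonces:     # reject replayed responses
        return ("fail", "missing or replayed nonce")
    seen_nonces.add(nonce)
    # Not a pass yet: openid.sig must still be verified (assumed, omitted here).
    return ("pending-signature", q.get("openid.claimed_id"))
```

A response that reaches `pending-signature` is only a candidate for a pass; the consumer site logs the user in after the signature check succeeds.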