How to store OpenID Identity in DB - any recommendation?
Martin Atkins
mart at degeneration.co.uk
Mon Aug 7 18:10:05 UTC 2006
Vladimir wrote:
> Hello,
>
> I read some of the previous articles about HTTP/HTTPS identities, but
> I'd like to know if you can recommend how to store and identify
> multiple identities as one single user.
>
> We all know that a user could enter:
> https://www.openidserver.com/user/
> https://www.openidserver.com/user
> http://www.openidserver.com/user/
> http://www.openidserver.com/user
> [or other variants without http/https]
>
> which in most cases refer to one single identity.
>
> What would you recommend to a webmaster? How to store an OpenID identity
> in a database at this moment, based on current specs?
>
We never did reach any kind of consensus on the issue of "probably the
same" URLs. Right now the recommended practice is to consider URLs to be
identical only if they are identical byte-for-byte.

However, you should make sure that your "identity-to-user" is a
many-to-one relationship. That is, allow each "user" to have multiple
identities.

The best way to handle this is to let users log in with OpenID and then,
once they have logged in and you have created them a user account, let
them add additional identities to that account by doing normal OpenID
auth for them. The OpenID wiki at <http://lifewiki.net/openid/> does
this, and you can see there that I have four distinct identities
attached to my single user account. No matter which identity I use, the
system treats me as the same user.

If you provide the ability for users to remove defunct identities from
their account this also provides them with a mechanism to migrate from
one identity to another without losing their user account.
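
The storage model described in the reply above, as an added sketch that is not part of the original post or of any OpenID library: identity URLs are compared byte-for-byte, many identities map to one user, and identities can be attached and removed. It assumes Python's `sqlite3` and that every URL passed in has already completed OpenID authentication; the table and function names are hypothetical, and refusing to remove an account's last identity is an assumption not made in the post.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY);
CREATE TABLE identities (
    -- BLOB of the UTF-8 bytes: equality is byte-for-byte, no normalization
    url     BLOB PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id)  -- many identities -> one user
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def login(conn, verified_url):
    """Return the user for an already-verified identity URL, creating one on first login."""
    key = verified_url.encode("utf-8")
    row = conn.execute("SELECT user_id FROM identities WHERE url = ?", (key,)).fetchone()
    if row:
        return row[0]
    user_id = conn.execute("INSERT INTO users DEFAULT VALUES").lastrowid
    conn.execute("INSERT INTO identities (url, user_id) VALUES (?, ?)", (key, user_id))
    return user_id

def attach_identity(conn, user_id, verified_url):
    """Attach a further verified identity to a logged-in user; False if already claimed."""
    try:
        conn.execute("INSERT INTO identities (url, user_id) VALUES (?, ?)",
                     (verified_url.encode("utf-8"), user_id))
        return True
    except sqlite3.IntegrityError:
        # The URL is already bound to some account; never silently rebind it.
        return False

def remove_identity(conn, user_id, url):
    """Detach a defunct identity, but never the last one (assumption: that orphans the account)."""
    count = conn.execute("SELECT COUNT(*) FROM identities WHERE user_id = ?",
                         (user_id,)).fetchone()[0]
    if count <= 1:
        return False
    cur = conn.execute("DELETE FROM identities WHERE url = ? AND user_id = ?",
                       (url.encode("utf-8"), user_id))
    return cur.rowcount == 1
```

The primary key on `url` is what stops one identity from being attached to two accounts, and the `user_id` filter in the delete keeps a user from detaching an identity that belongs to someone else.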