OAuth? ,OpenID? Neither? Which one should my site support?

openid oauth registration
Justin Locke picture Justin Locke · Apr 29, 2009 · Viewed 8k times · Source

I working on a new website and wanted some advice/feedback on OAuth vs OpenID vs Standard site owned username/password.

Answer

vezult picture vezult · Apr 29, 2009

You may want to read this article by Malcom Tredinnick which explains what openid and oauth are, and do. They serve different purposes.

In summary, openid would be used to uniquely identify users - it's an identity solution. oAuth would provide a means to interact with data that your site's users have access to by allowing the user to grant your site temporary access to external services, their flickr account, for example - it's an authorization tool.

Offering only the standard site-specific account is always an option, of course but IMHO, supporting openid is better for your users and for the web. Many sites that implement openid allow users to use an openid if they have one, but also allow users to sign in and create accounts without openid as well. So, it's not necessarily an either/or proposition. You can do both!

Related questions

What's the difference between OpenID and OAuth?

I'm really trying to understand the difference between OpenID and OAuth? Maybe they're two totally separate things?

Read More
Securing my REST API with OAuth while still allowing authentication via third party OAuth providers (using DotNetOpenAuth)

I have a product with a straightforward REST API so that users of the product can directly integrate with the product's features without using my web user interface. Recently I have been getting interest from various third parties about integrating …

Read More
Authentication for REST web services

I'm starting to design a REST web service, and am unclear on the best approach to authentication. The service will allow individual users to access/manage their own data, so some type of user authentication is required. I've been looking …

Read More