OpenID vs. OAuth

AuthenticationOauthOpenid

Authentication Problem Overview

> Possible Duplicate:
> What's the difference between OpenID and OAuth?

What is really the difference between OpenID and oAuth? They look just the same to me.

I should clarify, I'm planning to use them in drupal, if that makes any difference. So I guess I'm bound by whatever module implementations are available in drupal.

Authentication Solutions

Solution 1 - Authentication

OpenID is a way to specify one identity for multiple sites so you don't need to register over and over again.

OAuth is a way to allow one application access to one account without giving said application your account login information. You can use them in conjunction.

More info: OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing

Solution 2 - Authentication

If you have an account (with some private resources) in a website, you can log in with username/password couple. If an application would like to get some private resources, and if you don't want to give them your username/password, use OAuth.

But if you want to log in into multiple websites with a unique account, use OpenID.

(Some websites use OAuth like OpenID, and OpenID can be use like OAuth if you have some private stuff in your OpenID account)

Solution 3 - Authentication

OpenID = using login credentials from an OpenID provider (Google) to login to another application (Stack Overflow)

OAuth = Allowing an application (TwitPic) to act on your behalf to and access information from an application that you use (Twitter).

They can be used in conjunction with each other.

Solution 4 - Authentication

OpenID is purely* for multi-site authentication with a single set of credentials.

OAuth is for letting applications access each other securely: data sharing. Think of it as setting a bond of trust between two things, eg allowing your flickr account to post things on your facebook wall or hooking your flickr photos into a third-party printing website.

OAuth isn't just about site-to-site. You can link in desktop applications with no real concept of "identity" to an identity-driven site like Facebook or twitter (eg a twitter client being able to post to your feed without having to store your login details).

There are similarities but OAuth is really all about the service-to-service links.

Solution 5 - Authentication

OpenID is about authentication to many sites with one username.
OAuth is about authorization - site A has permission to call site B's api.

Here's another good article/analogy explaining the differences: http://www.dotnetopenauth.net/about/about-oauth/

Categories
Recommended Authentication Solutions
Recommended Oauth Solutions
Recommended Openid Solutions

Previous Solution:

What is SELF JOIN and when would you use it?

SqlSelf Join

Next Solution:

Getting only 1 decimal place

PythonRounding

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionloopView Question on Stackoverflow
Solution 1 - Authenticationuser113292View Answer on Stackoverflow
Solution 2 - AuthenticationDorianView Answer on Stackoverflow
Solution 3 - AuthenticationgmooreView Answer on Stackoverflow
Solution 4 - AuthenticationOliView Answer on Stackoverflow
Solution 5 - AuthenticationLandon PochView Answer on Stackoverflow