OpenID vs. OAuth
AuthenticationOauthOpenidAuthentication Problem Overview
> Possible Duplicate:
> What's the difference between OpenID and OAuth?
What is really the difference between OpenID and oAuth? They look just the same to me.
I should clarify, I'm planning to use them in drupal, if that makes any difference. So I guess I'm bound by whatever module implementations are available in drupal.
Authentication Solutions
Solution 1 - Authentication
OpenID is a way to specify one identity for multiple sites so you don't need to register over and over again.
OAuth is a way to allow one application access to one account without giving said application your account login information. You can use them in conjunction.
More info: OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing
Solution 2 - Authentication
If you have an account (with some private resources) in a website, you can log in with username/password couple. If an application would like to get some private resources, and if you don't want to give them your username/password, use OAuth.
But if you want to log in into multiple websites with a unique account, use OpenID.
(Some websites use OAuth like OpenID, and OpenID can be use like OAuth if you have some private stuff in your OpenID account)
Solution 3 - Authentication
OpenID = using login credentials from an OpenID provider (Google) to login to another application (Stack Overflow)
OAuth = Allowing an application (TwitPic) to act on your behalf to and access information from an application that you use (Twitter).
They can be used in conjunction with each other.
Solution 4 - Authentication
OpenID is purely* for multi-site authentication with a single set of credentials.
OAuth is for letting applications access each other securely: data sharing. Think of it as setting a bond of trust between two things, eg allowing your flickr account to post things on your facebook wall or hooking your flickr photos into a third-party printing website.
OAuth isn't just about site-to-site. You can link in desktop applications with no real concept of "identity" to an identity-driven site like Facebook or twitter (eg a twitter client being able to post to your feed without having to store your login details).
There are similarities but OAuth is really all about the service-to-service links.
Solution 5 - Authentication
OpenID is about authentication to many sites with one username.
OAuth is about authorization - site A has permission to call site B's api.
Here's another good article/analogy explaining the differences: http://www.dotnetopenauth.net/about/about-oauth/