•  11-07-2023
  •  | 
  •  

Question

I want to build a PHP web app where users can log in with Facebook, Google, twitter or any other possible server and engage in some activities like voting and commenting. I won't be using any of the user's data from the service provider. So which one is better option OpenId or OAuth? or should I try implementing with the API of each provider?

Was it helpful?

Solution

I would recommend OpenID Connect.

Too many websites have an OAuth2 authentication API. For a list of the more major sites, see: http://www.gluu.co/oauth-pocket-reference

This is simply un-tenable for web developers. OpenID Connect went final in Feb 2014. Google support it. Any other domain on the Internet that supports it could be supported automatically (i.e. as long as their domain supports OpenID Connect Discovery... publication of their endpoints at /.well-known/openid-configuration

NRI has an open source PHP OpenID Connect library: http://www.gluu.co/oidc-php-rp

If you support these legacy, proprietary consumer IDPs, it will be a pain in the neck as they slowly fall out of favor.

You may also look at a higher level interface like everyauth.com

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top