How do I use more than one OpenID? [closed]
https://stackoverflow.com/questions/4661
-
08-06-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have more than one OpenID as I have tried out numerous. As people take up OpenID different suppliers are going to emerge I may want to switch provinders. As all IDs are me, and all are authenticated against the same email address, shouldn't I be able to log into stack overflow with any of them and be able to hit the same account?
Solution
I think each site that implements OpenID would have to build their software to allow multiple entries for your OpenID credentials. However, just because a site doesn't allow you to create multiple entries doesn't mean you can't swap out OpenID suppliers.
How to turn your blog into an OpenID
STEP 1: Get an OpenID. There a lots of servers and services out there you can use. I use http://www.myopenid.com
STEP 2: Add these two lines to your blog's main template in-between the <HEAD></HEAD> tags at the top of your template. Most all blog engines support editing your template so this should be an easy and very possible thing to do.
Example:
<link rel="openid.server" href="http://www.myopenid.com/server" /> <link rel="openid.delegate" href=http://YOURUSERNAME.myopenid.com/ />
This will let you use your domain/blog as your OpenID.
Credits to Scott Hanselman and Simon Willison for these simple instructions.
Switch Your Supplier
Now that your OpenID points to your blog, you can update your link rel href's to point to a new supplier and all the places that you've tied your blog's OpenID will use the new supplier.
OTHER TIPS
In addition to the meta tag sample by Otto, you should be aware whether your provider supports OpenID 2.0 (there are numerous improvements). If it does use meta tags as the following:
<link rel="openid2.provider" href="http://www.loginbuzz.com/provider.axd" />
<link rel="openid2.local_id" href="http://example.loginbuzz.com/" />
<link rel="openid.server" href="http://www.loginbuzz.com/provider.axd" />
<link rel="openid.delegate" href="http://example.loginbuzz.com/" />
A good idea would also be to use secure links, but this could limit some relying parties from signing in. This could however be solved by providing a XRDS document.
The really neat thing about XRDS is that you are able to specify multiple providers in this document. Say you have a bunch of different accounts all with different providers supporting different extensions. The relying party are then able to select the best match by itself. In the XRDS document you could also specify multiple URLs for each service, so that https is used when appropriate.
I would also recommend buying an i-name as it by design is more secure (the canonical ID - the i-number - associated with an i-name belongs to you even if the i-name expires).
@prakesh
As long as you associate all of them to the same email address, i would think it would lead you to same account.
But whats your experience?
When I tried it out I got a whole new account with 0 rep and no steenkin badges. So at the moment SO does not allow multiple OpenID's to be associated with the one account
Doesn't using multiple open-id providers sort of undermine the point of open id?
No. Say you are using a Yahoo OpenID, but you decide to move to Google instead. Multiple OpenIDs per account allows you to associate your account with the Google OpenID, then deauthorize the Yahoo OpenID.
Doesn't using multiple open-id providers sort of undermine the point of open id?
The key here is to not change identities, ever. Change providers, but not identities. (this is like real life)
So new users to OpenID should first consider what their identity could be.
Users that already have some kind of website they own should choose this URL and users without a website have these options:
- Get something like a blog to get a URL
- Buy an i-name (or a domain name)
- or use an identity provider supplied URL
In the case of the identity provider supplied URL, users need to be aware that if in the future they choose to delegate or change identities in some way that its essentially a new identity and that multiple identity support with RPs (and OPs) is limited (required usually to re-associate a local account on an RP site to a different OpenID identity).
