Question

I have just started using Janrain OpenID for PHP (link). Once I had created another table with columns like id, nick, email and a user, I'd like to remember which sites I trusted. Janrain creates 2 tables, oid_nonces and oid_associations. I haven't understood what they do or whether they can be useful; I only know that oid_nonces seems to be unused.

Thanks

Solution

In OpenID, an association is a shared secret between the relying party (you) and the OpenID provider. This shared secret is used when the user, after logging in with his OpenID provider, returns to your site. At that time, the OpenID provider has added a signature in the URL parameter openid.sig. You verify this signature with the shared secret associated with the OpenID provider.

The OpenID nonce is a one-time token that is used to prevent reuse of a return URL. The first time a user comes to your site with an unknown openid.nonce, your server will do the OpenID processing normally. If somebody then comes to your site with the same openid.nonce, it would be a sign that somebody is trying to reuse your user’s identity.
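
The two checks described in this answer, as an added example that is not part of the original answer or of the Janrain library: the signature in openid.sig is recomputed with the association's secret, then the nonce (which OpenID 2.0 carries in openid.response_nonce) is checked for freshness and reuse. The in-memory arrays standing in for oid_associations and oid_nonces, the function names and all sample values are assumptions.

```php
<?php
// Added example. $assocs plays the role of oid_associations and $seen of
// oid_nonces; both are hypothetical in-memory arrays. $p uses the protocol's
// dotted names (PHP's $_GET rewrites the dots to underscores).

function sign_fields(array $p, array $assoc): ?string {
    $kv = '';
    foreach (explode(',', $p['openid.signed'] ?? '') as $f) {
        if (!isset($p["openid.$f"])) return null;          // listed but absent
        $kv .= "$f:" . $p["openid.$f"] . "\n";             // key-value form
    }
    $algo = $assoc['type'] === 'HMAC-SHA256' ? 'sha256' : 'sha1';
    return base64_encode(hash_hmac($algo, $kv, $assoc['mac_key'], true));
}

function verify_assertion(array $p, array $assocs, array &$seen, int $now, int $skew = 300): string {
    $assoc = $assocs[$p['openid.assoc_handle'] ?? ''] ?? null;
    if ($assoc === null || $assoc['expires'] < $now) return 'no valid association';
    // The nonce only protects anything if the signature covers it.
    if (!in_array('response_nonce', explode(',', $p['openid.signed'] ?? ''), true)) return 'nonce not signed';
    $expected = sign_fields($p, $assoc);
    if ($expected === null || !hash_equals($expected, $p['openid.sig'] ?? '')) return 'bad signature';
    $nonce = $p['openid.response_nonce'];
    $ts = strtotime(substr($nonce, 0, 20));                // leading UTC timestamp
    if ($ts === false || abs($now - $ts) > $skew) return 'stale nonce';
    $key = $p['openid.op_endpoint'] . '|' . $nonce;        // nonces are per provider
    if (isset($seen[$key])) return 'replayed nonce';
    $seen[$key] = $ts;                                     // remember until it ages out
    return 'ok';
}

// Constructed sample data: one association and one provider response.
$now = strtotime('2024-01-01T00:00:30Z');
$assocs = ['h1' => ['type' => 'HMAC-SHA256', 'mac_key' => 'constructed-secret', 'expires' => $now + 3600]];
$p = [
    'openid.op_endpoint' => 'https://op.example/endpoint',
    'openid.assoc_handle' => 'h1',
    'openid.response_nonce' => '2024-01-01T00:00:00Zx7Qa',
    'openid.identity' => 'https://op.example/alice',
    'openid.signed' => 'op_endpoint,assoc_handle,response_nonce,identity',
];
$p['openid.sig'] = sign_fields($p, $assocs['h1']);         // what the provider would send
$seen = [];

echo verify_assertion($p, $assocs, $seen, $now), "\n";     // first use
echo verify_assertion($p, $assocs, $seen, $now), "\n";     // same URL again
$p['openid.identity'] = 'https://op.example/mallory';
echo verify_assertion($p, $assocs, $seen, $now), "\n";     // edited after signing
```

Nonce rows older than the allowed clock skew can be deleted, because a response that old is rejected on its timestamp alone.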

Licensed under: CC-BY-SA with attribution