This seems to be a similar problem to the one faced by StackExchange when it implemented OpenID. You can see how they dealt with it here: https://blog.stackoverflow.com/2010/04/openid-one-year-later/
From that page:
So our cross-site user account matching now works this way:
Match by GUID. This is something we generate and assign during account association, so it’s a perfect fingerprint.
match by OpenID URL. This works for the vast majority of OpenID providers.
match by OpenID provided email address … if you are on our trust whitelist. This works for those rare OpenID providers (currently, only Google GMail) who generate domain-specific identifiers.
You could also try using a OpenID Library. Several are listed here: http://openid.net/developers/libraries/
Hope this helps.