Google OpenID unique identifier problem
https://stackoverflow.com/questions/3846941
-
27-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
i recently asked question which was closed down linked here.
https://stackoverflow.com/questions/3827349/how-to-use-one-openid-across-multiple-domains-closed
I did not even had time to correct myself. somebody mis interpret it, changed title, somebody else think it is not relavent and closed it. :(
The problem is with Google OpenID system. They are security freak. Which is good. but When we use their OpenID system, they provide DIFFERENT UNIQUE FEDERATED IDENTITY URL FOR SAME USER BUT FOR DIFFERENT DOMAIN. i.e. if i login in to meta.stackoverflow.com with Google openID and then I login in to something.com with Google OpenID, they two will not have same unique identifier of myself. so, when two domain merge, they can not recognize same user across domain. either they have to use their email id or some additional information. I wanted to know if using some other information with openID is secure enough ? I read that, anything apart from unique identifier ( i.e. nickname, email, dob etc ) is not secure enough for openID and we should not use it apart from casual use.
Solution
got it.
they are using common domain and not different domain. which explains everything.
http://blog.stackoverflow.com/2010/09/global-network-auto-login/
A blog post about it.
:)
