What may be a good alternative way to verify return users with OpenID?
-
28-10-2019 - |
Solução
By "verify return users", I assume you just mean detect when a user returns to your account and log them in?
Attribute exchange data is provided by users, and is both optional and easily changed, so it can't be relied on for anything that is remotely related to account security.
Google's OpenID identifier is only unique per-domain — the workaround is just to have a single domain used for authentication. And that's assuming you have multiple domains. If you only have one domain, then there aren't any problems.
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow