Google's OpenID identifier is different depending on the "consumer" domain name. How to avoid potent

Posted by JohnnyO on Stack Overflow See other posts from Stack Overflow or by JohnnyO
Published on 2010-04-05T06:58:11Z Indexed on 2010/04/05 7:03 UTC
Read the original article Hit count: 282

Filed under:

openid

|

dotnetopenid

|

Identity

I'm currently testing an OpenID implementation, and I'm noticing that Google sends a different identifier for different consuming host name / domain name, even for the same user. For example, Google sends a different identifier when the requesting site is localhost, compared to the identifier they send when the requesting site is 127.0.0.1 for the same user.

Note: I haven't actually tested this using public domain names, but I can't see why the behavior would be any different.

My concern with Google's behavior is that if we ever choose to change our website domain name in the future, then users will no longer be able to log in to the website using Google's OpenId as the identity provider. This seems to be a big problem. Am I missing something, or are all OpenID consuming sites faced with this potential problem?

I've also tested this with MyOpenId, but the identifier that MyOpenId creates is fixed, so this wouldn't be a problem with them.

Thanks.

© Stack Overflow or respective owner

Related posts about openid

Django & google openid authentication (openid.ax) with socialauth

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello I am trying to use django-socialauth (http://github.com/uswaretech/Django-Socialauth) for authenticating users for my django project. This is firs time working with openid and i've had to figure out how exactly this open id works. I have more or less understood it, by now, but there are few… >>> More
Configuring Fed Authentication Methods in OIF / IdP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML… >>> More
DotNetOpenAuth OpenID Provider "Sequence contains more than one element"

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, all, I'm having trouble implementing my OpenID provider with DNOA 3.4.3. Everything was going absolutely peachy until I needed AX support as well. I set AXFetchAsSregTransform in the web config, as recommended by Andrew at http://groups.google.com/group/dotnetopenid/browse_thread/thread/5629a24c0a7e8d99… >>> More
why OAuth request_token using openid4java is missing in the google's response?

as seen on Stack Overflow - Search for 'Stack Overflow'
I have succeed using openID and OAuth separately, but I can't make them work together. Am I doing something incorrect: String userSuppliedString = "https://www.google.com/accounts/o8/id"; ConsumerManager manager = new ConsumerManager(); String returnToUrl = "http://example.com:8080/isr-calendar-test-1… >>> More
Django & google openid authentication with socialauth

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello I am trying to use django-socialauth (http://github.com/uswaretech/Django-Socialauth) for authenticating users for my django project. This is firs time working with openid and i've had to figure out how exactly this open id works. I have more or less understood it, by now, but there are few… >>> More

Related posts about dotnetopenid

DotNetOpenId openIdRelyingParty Setup

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi all, I'm new to .Net and am trying to setup dotNetOpenID. I'm simply trying to get the following line to build ok without getting any errors: var openIdRelyingParty = new OpenIdRelyingParty(); Currently when I build, I get the following error: The tpe or namspace name'OpenIdrelyingParty' could… >>> More
dotnetopenid attribute extensions just not working for me!

as seen on Stack Overflow - Search for 'Stack Overflow'
So here's some code on the request:- IAuthenticationRequest req = openid.CreateRequest(Request.Form["openid_identifier"]); //add extention requests here req.AddExtension(new ClaimsRequest { Email = DemandLevel… >>> More
DotNetOpenID / DotNetOpenAuth

as seen on Stack Overflow - Search for 'Stack Overflow'
Does anyone have any documentation on DotNetOpenAuth and the way it handles while lists and black lists? My config <untrustedWebRequest> <blacklistHosts> <add name="*" /> </blacklistHosts> <whitelistHosts> <add name="www… >>> More
dotnetopenauth token ? is it required?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I've implementend openId login system on my site and it works ok, but when i compare what is send to openidprovider and back is different with that what is send by stackoverflow.com for example whis send s paramenter and token parameter? Are these parameteres custom parameters send by stackoverflow… >>> More
OpenId ASP MVC Authentication with long expiry

as seen on Stack Overflow - Search for 'Stack Overflow'
Stackoverflow uses OpenId as many other websites. However, I rarely need to provide my OpenId to Stackoverflow while with other OpenId enabled websites, I have to do it once a day or week. This suggests to me that the expiry of the session is with the website and not the OpenId provider. Looking… >>> More