Your current project may have given you plenty of opportunity to learn about web security and about what happens when you click that ubiquitous “Sign in with Google/Facebook” button. As both a developer and an end user, you need applications that are secure without being too difficult to use. If you are looking for an option that fits both your application and your customers’ security policies, we recommend two: OAuth and OpenID. To help you make the right decision, we present them here as a comparison, OAuth vs OpenID.
OAuth is an open protocol that allows users to share their private resources (e.g. photos, videos, list of addresses) stored on one web site with another site without having to submit a user name and password. This is done by giving the other site a token, not a user name and password, for the data hosted by a particular service provider. OAuth acts as an intermediary in the approval interaction between the resource owner and the HTTP service, or it allows a third-party application to obtain a resource that exists on another application using access granted by the resource owner. With OAuth, third-party applications do not need to send your username and password across the web to gain access to the resource owner's application. It is considered more secure and simple for user authorization. OAuth allows a user to grant third-party sites access to information stored with another service provider without having to share their access permissions or all of their data. It works more or less like paying with a credit card and signing for the transaction, rather than handing over your ATM card and PIN.
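The token idea described above, as an added example that is not part of the original article: a simplified in-memory model, not the real OAuth wire protocol. The class `ServiceProvider`, the helper `third_party_fetch` and the scope names are all hypothetical. It shows that the third-party site holds only a random token limited to the approved scopes, and that the owner can revoke it without changing the password.

```python
import hmac
import secrets


class ServiceProvider:
    """Constructed toy model: stores the owner's data and issues scoped tokens."""

    def __init__(self, username, password, resources):
        self._user, self._password = username, password
        self._resources = resources   # scope name -> owner's data
        self._tokens = {}             # opaque token -> set of granted scopes

    def approve(self, username, password, scopes):
        """The owner authenticates to the provider directly and approves scopes.

        The third-party site only ever receives the returned token.
        """
        ok = hmac.compare_digest(username.encode(), self._user.encode())
        ok &= hmac.compare_digest(password.encode(), self._password.encode())
        if not ok:
            raise PermissionError("owner authentication failed")
        unknown = set(scopes) - set(self._resources)
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        token = secrets.token_urlsafe(32)  # random, carries no credentials
        self._tokens[token] = set(scopes)
        return token

    def get_resource(self, token, scope):
        """Called by the third-party site; serves only what the token covers."""
        granted = self._tokens.get(token)
        if granted is None:
            raise PermissionError("invalid or revoked token")
        if scope not in granted:
            raise PermissionError(f"token does not cover scope {scope!r}")
        return self._resources[scope]

    def revoke(self, token):
        """Owner withdraws access; the password stays unchanged."""
        self._tokens.pop(token, None)


def third_party_fetch(provider, token, scope):
    """What the third-party site can see with its token (None if refused)."""
    try:
        return provider.get_resource(token, scope)
    except PermissionError:
        return None
```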
OpenID is a feature that allows users to sign in to various services using their identity (ID), so they no longer need to re-type a username or log on separately to each service on the internet. An OpenID usually takes the form of a URL or link obtained from an OpenID service. OpenID authentication credentials are used and provided by a few large organizations: AOL, BBC, Google, IBM, Microsoft, MySpace, Orange, PayPal, Verisign, Yandex, Ustream, and Yahoo are OpenID providers. The function and benefit of OpenID is clear: it makes it easier for a person (user) to sign in or register on a website that provides or allows OpenID as a replacement for the username. For us Blogger users, it can be used as a substitute for Name/URL when commenting. Some blogs do not allow comments with Name/URL; OpenID can be the solution for still leaving a link/URL on the website without having to use the Blogger profile link.
| OAuth | OpenID |
|---|---|
| Allows users to share their private resources (e.g. photos, videos, list of addresses) | Allows users to sign in to various services using their identity (ID) |
| Allows third-party applications to obtain a resource that exists on another application using access granted by the resource owner | Makes it easier for a person (user) to sign in or register on a website that provides or allows OpenID as a replacement for the username |
| Considered more secure and simple for user authorization | Can be the solution for still leaving a link/URL on a website without having to use the Blogger profile link |
Going back to the main purpose of each protocol shows the differences between them. OAuth was created to remove the need for users to share their passwords with third-party applications. OpenID was created for federated authentication, that is, letting a third party authenticate your users for you by using accounts they already have. Other differences can be seen in the protocols themselves: each has a different way of calculating the signature used to verify the authenticity of a request or response, and each has different registration requirements.