If OpenID, what user data do I still need to save

Published 2019-02-23 10:12

Question:

I'm trying to understand if OpenID is good for me. Right now the site has a normal registration process, and I ask the user for data I need like his email, name, username, age, etc. I then make him verify his email. All this data is stored in the database.

When I start using OpenID, this is what I understand I'll need to do:

  1. I won't need to store any password-related data
  2. I can still have an email field in my database, and I will get the email by asking the OpenID provider directly, right?
  3. Can I still ask the user for any additional details I want, like getting him to choose a username and all that?

Anything you noticed that you can tell me about so I understand this better?

Answer 1:

  • The OpenID provider will give you the user's email, but only if you ask for it.
  • There's nothing preventing you from collecting additional user data after the user logs in with OpenID. If you log in to Stack Overflow for the first time and do so using OpenID, you'll be prompted for a username and other information after the OpenID provider does the authentication.

The provider will give you a unique ID for each user - this you need to save. It's how you will match up the user that just logged in with a record in your database.

I've found OpenID by itself to be rather complicated. This PHP class makes it really easy if the only provider you want to use is Google. That webpage also includes a tutorial.
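The storage side of the answer above, as an added example that is not part of the original post: the user record is matched on the provider's unique ID, no password is stored, and extra details are collected after the first login. The table layout, function names and sample identifiers are assumptions, and the provider's response is assumed to have been verified by an OpenID library before `login` is called.

```python
import sqlite3

# No password column: the OpenID provider performs the authentication.
SCHEMA = """
CREATE TABLE users (
    id         INTEGER PRIMARY KEY,
    claimed_id TEXT NOT NULL UNIQUE,  -- unique ID returned by the provider
    email      TEXT,                  -- only present if it was requested
    username   TEXT UNIQUE            -- collected by the site after login
);
"""


def open_db():
    """Create an in-memory database with the example schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def login(conn, claimed_id, email=None):
    """Return (user_id, needs_profile) for a verified OpenID login.

    The record is looked up by claimed_id only; the email is profile data
    and is never used as the lookup key.
    """
    row = conn.execute(
        "SELECT id, username FROM users WHERE claimed_id = ?", (claimed_id,)
    ).fetchone()
    if row is None:
        cur = conn.execute(
            "INSERT INTO users (claimed_id, email) VALUES (?, ?)",
            (claimed_id, email),
        )
        conn.commit()
        return cur.lastrowid, True  # first login: prompt for username etc.
    user_id, username = row
    return user_id, username is None


def complete_profile(conn, user_id, username):
    """Store the extra details the site asks for after the OpenID login."""
    conn.execute(
        "UPDATE users SET username = ? WHERE id = ?", (username, user_id)
    )
    conn.commit()
```

Because the lookup uses only the provider's ID, two different IDs that report the same email address end up as two separate accounts rather than being merged.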