4
我看到通過與谷歌OpenID使用哪個URL?
LightOpenID Object
(
[returnUrl] => http://ikeyless/account/login/
[required] => Array
(
)
[optional] => Array
(
)
[verify_perr] =>
[capath] =>
[identity:LightOpenID:private] =>
[claimed_id:LightOpenID:private] => https://www.google.com/accounts/o8/id?id=[RANDOM_STRING]
[server:protected] => https://www.google.com/accounts/o8/ud
[version:protected] => 2
[trustRoot:protected] => http://ikeyless
[aliases:protected] =>
[identifier_select:protected] =>
[ax:protected] => 1
[sreg:protected] =>
[data:protected] => Array
(
[openid_identifier] => https://www.google.com/accounts/o8/id
[cmd] => account
[act] => login
[openid_ns] => http://specs.openid.net/auth/2.0
[openid_mode] => id_res
[openid_op_endpoint] => https://www.google.com/accounts/o8/ud
[openid_response_nonce] => 2010-11-16T16:49:30ZREDpfCsz7bwPsg
[openid_return_to] => http://ikeyless/account/login/
[openid_assoc_handle] => [RANDOM_STRING]
[openid_signed] => op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
[openid_sig] => [RANDOM_STRING]
[openid_identity] => https://www.google.com/accounts/o8/id?id=[RANDOM_STRING]
[openid_claimed_id] => https://www.google.com/accounts/o8/id?id=[RANDOM_STRING]
)
哪,我應該在本地存儲和比較驗證一個OpenID用戶時驗證返回了多個網址嗎?
有兩個按鍵的映射到網址:'openid_identity'和'openid_claimed_id'。 「openid_identity」指向的URL總是與「openid_claimed_id」指向的URL相同嗎? – KajMagnus 2011-09-04 00:51:34
如果我理解[文檔](http://openid.net/specs/openid-authentication-2_0.html#identifying),則使用'openid_claimed_id'鍵。從文檔:*成功的認證響應聲明的標識符應該被依賴方用作本地存儲用戶信息的關鍵。* – KajMagnus 2011-09-04 01:21:59
而且,爲了回答我自己的問題:'openid_identity'實際上可能不同於'openid_claimed_id'。 'openid_identity'是一些* OP-本地標識符: 一個終端用戶的替代標識符,對於一個特定的OP而言是本地的,因此不一定在最終用戶的控制下。*,[OpenID 2.0規範](http:// openid.net/specs/openid-authentication-2_0.html)。 – KajMagnus 2011-09-04 01:30:26