AyKarsi

Reputation: 9675

ClaimedIdentifier for Google Accounts when using DotNetOpenAuth

I'm currently switching from Janrain Engage (rpxnow) to DotNetOpenAuth. In my database I have the claimed identifiers of my users stored in the form

https://www.google.com/accounts/o8/id?id=AItOawnVaDz_Os6ysv4-tB0zlhFan1ltyHWa10k

When using Engage I was able to switch between dev, test and prod environments and the claimed IDs would always remain the same. So I was assuming that these IDs would also be the same when using DotNetOpenAuth. To my surprise they are similar but not identical. What makes things even more confusing is that it seems that when I change the path of my web app, e.g. from http://localhost/ to http://localhost/mvc, the claimed identifier also changes.

Could somebody shed some light on this please and help me make my IDs movable from one environment to another?

BTW: Moving other account types such as yahoo has worked without a problem

Upvotes: 2

Views: 714

Answers (1)

Andrew Arnott

Reputation: 81801

Google leverages a feature of OpenID called "directed identity", which means that the Claimed Identifier that it sends the RP is going to be different for the same Google Account that is logging in for each unique RP. Yahoo and other providers do not leverage this feature so that's why you only see it for Google accounts.

The key that Google uses to distinguish each RP is the IAuthenticationRequest.Realm property, which by default DotNetOpenAuth sets to be the root URL of your web site. This is why different hosting URLs such as http://localhost or http://localhost/mvc get different Claimed Identifiers.

Janrain Engage has various service levels, some of which (last I checked) use their own domain name, with your RP's name included as a 3rd-level domain name, as the Realm, which can make it difficult or impossible to stop using their service because the claimed identifiers would all change, causing all your Google customers to lose access to their accounts on your site. However, last I heard, Janrain stores some special account details to make migrating off of their service possible. I suggest you contact their support people to ask them what the process is.

Upvotes: 6
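
Added example (not part of the answer above, and not DotNetOpenAuth or Google code): a small Python model of directed identity combined with the realm check from section 9.2 of the OpenID Authentication 2.0 specification. The HMAC derivation, the secret and the `op.example` endpoint are assumptions made for illustration; the page does not say how Google actually derives the identifier.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

PROVIDER_SECRET = b"constructed-demo-secret"   # constructed value, provider-side only
OP_ENDPOINT = "https://op.example/id?id="       # hypothetical provider endpoint


def _port(parts):
    return parts.port or {"http": 80, "https": 443}.get(parts.scheme)


def realm_matches(realm: str, return_to: str) -> bool:
    """OpenID 2.0 section 9.2: does return_to fall inside the realm?"""
    r, u = urlsplit(realm), urlsplit(return_to)
    if r.fragment or r.scheme != u.scheme or _port(r) != _port(u):
        return False
    r_host, u_host = r.hostname or "", u.hostname or ""
    if r_host.startswith("*."):
        suffix = r_host[1:]                     # ".example.com"
        if not (u_host.endswith(suffix) or u_host == suffix[1:]):
            return False
    elif r_host != u_host:
        return False
    r_path, u_path = r.path or "/", u.path or "/"
    if u_path == r_path:
        return True
    if not r_path.endswith("/"):
        r_path += "/"                           # "/mvc" must not match "/mvcx"
    return u_path.startswith(r_path)


def claimed_identifier(account: str, realm: str, return_to: str) -> str:
    """Model of a directed-identity provider: one identifier per (account, realm)."""
    if not realm_matches(realm, return_to):
        raise ValueError("return_to is outside the realm")
    msg = f"{realm}\n{account}".encode()
    tag = hmac.new(PROVIDER_SECRET, msg, hashlib.sha256).hexdigest()
    return OP_ENDPOINT + tag[:32]


if __name__ == "__main__":
    # Default behaviour described in the answer: realm follows the site root.
    print(claimed_identifier("alice", "http://localhost/", "http://localhost/login"))
    print(claimed_identifier("alice", "http://localhost/mvc", "http://localhost/mvc/login"))
    # One pinned realm that covers both paths gives one identifier.
    print(claimed_identifier("alice", "http://localhost/", "http://localhost/mvc/login"))
```

In this model, pinning one realm that covers every path the application is hosted under keeps the identifier constant; a realm cannot cover a return_to URL on a different host unless a wildcard realm matches both.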
