
Janrain OpenId vs lightopenid PHP libraries

What are the differences between the PHP implementation of Janrain's PHP OpenID library and LightOpenID?

Is one more secure than the other?

According to Google's best practices page:

A correct OpenID implementation has to:

  1. cover checking of cryptographic signatures

  2. checking of nonces

  3. Yadis discovery

I'm guessing Janrain's library does fulfill all these requirements, as Google recommends the library, but does LightOpenID fulfill 1 & 2?

icc97 asked Nov 30 '25 16:11


1 Answer

LightOpenID uses the stateless version of the protocol, making it a lot simpler than Janrain's library.

The stateless version delegates validation (anything related to cryptography, nonces, etc.) to the provider, so LightOpenID doesn't check that by itself. It does, however, follow the spec in that matter, so it isn't a security issue.

Mewp answered Dec 02 '25 07:12
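The stateless verification described in the answer above, sketched as an added example (not code from LightOpenID or Janrain): the relying party copies the assertion back to the provider with `openid.mode` set to `check_authentication` and accepts the login only on an explicit `is_valid:true` reply. The function names are hypothetical and every URL and value is a constructed sample.

```php
<?php
// Added illustration; function names are hypothetical, values constructed.

// Build the POST body for direct verification from a positive assertion.
function build_check_authentication(array $assertion): string
{
    $params = [];
    foreach ($assertion as $key => $value) {
        if (strpos($key, 'openid.') === 0) {   // echo back openid.* fields only
            $params[$key] = $value;
        }
    }
    $params['openid.mode'] = 'check_authentication'; // the only field changed
    return http_build_query($params, '', '&');
}

// Parse the provider's Key-Value Form reply: one "key:value" pair per line.
function parse_key_value_form(string $body): array
{
    $fields = [];
    foreach (explode("\n", $body) as $line) {
        $pos = strpos($line, ':');
        if ($pos === false) {
            continue;                          // skip blank or malformed lines
        }
        $fields[substr($line, 0, $pos)] = substr($line, $pos + 1);
    }
    return $fields;
}

// Fail closed: only an explicit "is_valid:true" counts as verified.
function is_assertion_valid(string $providerReply): bool
{
    $fields = parse_key_value_form($providerReply);
    return ($fields['is_valid'] ?? '') === 'true';
}

// Constructed assertion, parsed from the raw query string of the return_to
// request (PHP's $_GET would rewrite the dots in the keys to underscores).
$assertion = [
    'openid.ns'             => 'http://specs.openid.net/auth/2.0',
    'openid.mode'           => 'id_res',
    'openid.claimed_id'     => 'https://user.example/',
    'openid.response_nonce' => '2025-11-30T16:11:00Zconstructed',
    'openid.signed'         => 'claimed_id,response_nonce',
    'openid.sig'            => 'Y29uc3RydWN0ZWQ=',
];
echo build_check_authentication($assertion), "\n";
var_dump(is_assertion_valid("ns:http://specs.openid.net/auth/2.0\nis_valid:true\n"));
var_dump(is_assertion_valid("ns:http://specs.openid.net/auth/2.0\nis_valid:false\n"));
```

Because the relying party checks no signature itself in this mode, the `is_valid` reply is only as trustworthy as the channel it arrives on: the POST should go over HTTPS with certificate validation enabled, to the provider endpoint obtained by discovery on the claimed identifier.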


