Monday, June 11, 2012

OpenID vs. OAuth

What is really the difference between OpenID and OAuth? They look just the same to me.

I should clarify: I'm planning to use them in Drupal, if that makes any difference. So I guess I'm bound by whatever module implementations are available in Drupal.

Source: Tips4all


  1. If you have an account (with some private resources) in a website, you can log in with a username/password pair.
    If an application would like to get some private resources, and if you don't want to give them your username/password, use OAuth.

    But if you want to log in to multiple websites with a unique account, use OpenID.

    (Some websites use OAuth like OpenID, and OpenID can be used like OAuth if you have some private stuff in your OpenID account.)

    Edit: It seems to be a recurrent question.

  2. OpenID is a way to specify one identity for multiple sites so you don't need to register over and over again.

    OAuth is a way to allow one application access to one account without giving said application your account login information. You can use them in conjunction.

    More info: OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing

  3. OpenID = using login credentials from an OpenID provider (Google) to log in to another application (Stack Overflow).

    OAuth = allowing an application (TwitPic) to act on your behalf and access information from an application that you use (Twitter).

    They can be used in conjunction with each other.

  4. OpenID is purely* for multi-site authentication with a single set of credentials.

    OAuth is for letting applications access each other securely: data sharing. Think of it as setting a bond of trust between two things, e.g. allowing your Flickr account to post things on your Facebook wall or hooking your Flickr photos into a third-party printing website.

    OAuth isn't just about site-to-site. You can link in desktop applications with no real concept of "identity" to an identity-driven site like Facebook or Twitter (e.g. a Twitter client being able to post to your feed without having to store your login details).

    There are similarities, but OAuth is really all about the service-to-service links.

  5. OpenID is about authentication to many sites with one username.
    OAuth is about authorization - site A has permission to call site B's API.

    Here's another good article/analogy explaining the differences:
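
Added example (not part of any answer above, and not Drupal module code): a toy Python model of the authentication/authorization split the answers describe. `grant`/`api_call` show OAuth-style delegated, scoped access without sharing the password; `assert_identity`/`relying_party_login` show an OpenID-style signed identity claim that proves who the user is but grants no API access. All class, function and URL names are hypothetical, and it assumes a pre-shared HMAC key in place of OpenID's association handshake, with redirects, nonces and expiry left out.

```python
import hashlib
import hmac
import secrets

class Provider:
    """Toy provider (think Twitter or Google); every name here is hypothetical."""
    def __init__(self):
        self._passwords = {"alice": "correct horse"}  # constructed sample; never leaves the provider
        self._tokens = {}                              # access token -> (user, granted scopes)
        self.assoc_key = secrets.token_bytes(32)       # assumed shared with the relying party

    def _login(self, user, password):
        stored = self._passwords.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad credentials")

    # OAuth-style: the user logs in at the provider and approves scopes for a client.
    def grant(self, user, password, scopes):
        self._login(user, password)
        token = secrets.token_urlsafe(16)              # random handle, carries no password
        self._tokens[token] = (user, frozenset(scopes))
        return token

    def api_call(self, token, scope):
        user, scopes = self._tokens.get(token, (None, frozenset()))
        if scope not in scopes:
            raise PermissionError(f"token not authorized for {scope!r}")
        return f"{scope} performed for {user}"

    def revoke(self, token):
        self._tokens.pop(token, None)                  # user withdraws consent

    # OpenID-style: the provider signs "this user is <identifier>" for one site.
    def assert_identity(self, user, password, relying_party):
        self._login(user, password)
        claim = f"https://provider.example/id/{user}|{relying_party}"
        sig = hmac.new(self.assoc_key, claim.encode(), hashlib.sha256).hexdigest()
        return claim, sig

def relying_party_login(assoc_key, claim, sig, me):
    """Relying-party side: verify signature and audience, return the identifier."""
    expected = hmac.new(assoc_key, claim.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise PermissionError("bad signature")
    identifier, _, audience = claim.rpartition("|")
    if audience != me:
        raise PermissionError("assertion issued for another site")
    return identifier
```

The client in the OAuth half never sees the password and loses access on `revoke`; the relying party in the OpenID half learns only an identifier, and presenting its signature to `api_call` is rejected.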