I'm a little curious to understand about how OpenID authentication works.

Can there be any distinction between OpenID authentication and also the authentication which websites use solely on their own?

What's OpenID?

OpenID is definitely an open, decentralized, free framework for user-centric digital identity. OpenID uses already established internet technology (URI, HTTP, SSL, Diffie-Hellman) and realizes that individuals happen to be creating details on their own may it be at their blog, photostream, profile page, etc. With OpenID it is simple to transform one of these simple existing URIs into a merchant account which may be used at sites which support OpenID logins.


Distinction between OpenID and conventional authentification form?

The main difference would be that the identification is going to be decentralized for an exterior site (for instance Wordpress, Yahoo, ...). The web site knows set up identification is alright and allow you to login. Conventional website authentication works an evaluation with data in a private database, so that your password may be used to login for this website only. With OpenID you should use exactly the same qualifications on multiple websites.

How it operates?


  1. User connects to OpenID enabled website.
  2. User makes its way into credential information.
  3. A Publish is made from a BASE64 (web site to provider)
  4. A solution is made (that consists of expiration)
  5. The web site redirects the consumer towards the provider to login.
  6. User makes its way into password and submit.
  7. Verification is performed.
  8. Login!

I happened across this excellent OpenID introduction that is neither excessive-level nor lacking-level.


It's a little verbose, and pretty much written as prose, but it is an enjoyable read and incredibly informative by what happens behind the curtain.

(Answer copied and pasted from my answer at OpenID login workflow?.)