What is OpenID?

Earlier I was confused about OpenID and OpenID Connect. I thought both were the same. I think some of you may have the same thought. But they are different concepts.

Both OpenID and OpenID Connect are used for authentication, but OAuth is used for authorization. That means both are used for getting user information, but the two activities are different.

What is OpenID?

We have a lot of online profiles, so it is difficult to maintain the passwords of all of them. OpenID solves this issue: with OpenID you need only a single username and password. You create a single account with an ID and password at an identity provider, and that provider then confirms your identity to the websites you visit. Other than your provider, no website ever sees your password.

OpenID was introduced in 2005. Several large organizations either issue or accept OpenIDs, including Google, Facebook, Yahoo!, Microsoft, AOL, MySpace, Sears, Universal Music Group, France Telecom, Novell, Sun, Telecom Italia, and many more. But nowadays OpenID has become obsolete and OAuth has become popular. At that time, OpenID solved many issues that could not be solved by identity servers. It allowed for single sign-on.

But today OpenID has become obsolete, and OAuth and OpenID Connect have become popular.

How does OpenID work?

The user owns an account at an OpenID provider and needs to prove his identity to the relying party.

An OpenID can be an Identifier or a URL.

You can sign in to any website using this OpenID.

1. See the picture below. Stack Overflow requests the user to enter his OpenID.

[Image: sign in using OpenID. Image source: SlideShare]

2. After the user enters the OpenID at the relying party, the relying party redirects the user to the OpenID provider.

3. Then the user should authenticate himself to the OpenID provider.

4. After validating the user, the OpenID provider redirects the user to the relying party.

5. Then the relying party allows the user to access its website.
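The redirect round trip in steps 2 to 5, with both sides' messages, as an added example that is not part of the original post. It goes one step further than the text by showing how the relying party checks the provider's signed answer before trusting it. Field names follow the OpenID Authentication 2.0 specification; the hosts, the shared HMAC key and the nonce are constructed, and discovery and key association are left out.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

NS = "http://specs.openid.net/auth/2.0"
OP_ENDPOINT = "https://op.example/auth"    # constructed OpenID provider endpoint
RETURN_TO = "https://rp.example/return"    # constructed relying-party callback
SIGNED = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"

def sign(key, f):
    # Key-value form: "name:value\n" for every field named in openid.signed, in order.
    kv = "".join(f"{k}:{f.get('openid.' + k, '')}\n" for k in f["openid.signed"].split(","))
    return base64.b64encode(hmac.new(key, kv.encode(), hashlib.sha256).digest()).decode()

def rp_redirect(openid, handle):
    """Step 2: the relying party sends the browser to the provider."""
    q = {"openid.ns": NS, "openid.mode": "checkid_setup", "openid.claimed_id": openid,
         "openid.identity": openid, "openid.return_to": RETURN_TO,
         "openid.realm": "https://rp.example/", "openid.assoc_handle": handle}
    return OP_ENDPOINT + "?" + urlencode(q)

def op_assert(request_url, key, nonce):
    """Steps 3-4: after the user logs in, the provider signs a positive assertion."""
    req = dict(parse_qsl(urlsplit(request_url).query))
    f = {"openid.ns": NS, "openid.mode": "id_res", "openid.op_endpoint": OP_ENDPOINT,
         "openid.claimed_id": req["openid.claimed_id"], "openid.identity": req["openid.identity"],
         "openid.return_to": req["openid.return_to"], "openid.response_nonce": nonce,
         "openid.assoc_handle": req["openid.assoc_handle"], "openid.signed": SIGNED}
    f["openid.sig"] = sign(key, f)
    return req["openid.return_to"] + "?" + urlencode(f)

def rp_verify(callback_url, key, seen_nonces):
    """Step 5: the relying party checks the assertion before logging the user in."""
    f = dict(parse_qsl(urlsplit(callback_url).query))
    if f.get("openid.mode") != "id_res" or f.get("openid.return_to") != RETURN_TO:
        return None
    if set(SIGNED.split(",")) - set(f.get("openid.signed", "").split(",")):
        return None                        # a required field is not covered by the signature
    if not hmac.compare_digest(sign(key, f).encode(), f.get("openid.sig", "").encode()):
        return None                        # altered or forged assertion
    if f["openid.response_nonce"] in seen_nonces:
        return None                        # same assertion presented twice
    seen_nonces.add(f["openid.response_nonce"])
    return f["openid.claimed_id"]

if __name__ == "__main__":
    key, seen = b"constructed-demo-key-32-bytes!!!", set()
    callback = op_assert(rp_redirect("https://alice.example/", "h1"), key,
                         "2024-01-01T00:00:00Zabc123")
    print(rp_verify(callback, key, seen), rp_verify(callback, key, seen))
```
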

OpenID vs OAuth

The basic steps in OpenID:

The basic steps in OAuth:

We can think of OpenID as a draft of OAuth. OpenID became less popular after the introduction of OAuth. OAuth was introduced around 2007.

OAuth is centralized. That means only the authorization server owns user credentials.

In OAuth, each time a user wants to log in, he is redirected to the login page of the authorization server, unlike OpenID. In OpenID, when a user wants to log in to a third-party app, he should enter his OpenID in the third-party app. After that he is redirected to the OpenID provider. This is the main difference between OAuth and OpenID.

OpenID provides authentication and OAuth provides authorization. That is why OAuth is considered highly secure and has become popular.

OpenID vs OpenID Connect

Some people think OpenID and OpenID Connect are the same. But from the above explanation you could understand some basics of OpenID.

OpenID Connect is built on top of OAuth 2.0 and it uses an ID token to share user information with the relying party.

Both OAuth and OpenID Connect are centralized. The user account is owned by the authorization server. But OpenID is decentralized.

I hope you have now understood the basics of OpenID!

Learn, code!

Software Engineer @WSO2, CSE Undergraduate @ University of Moratuwa, Former Software Engineering Intern @ WSO2

Piraveena Paralogarajah