openid | 易学教程

DotNetOpenId — “This message has already been processed” Error

阅读更多关于 DotNetOpenId — “This message has already been processed” Error

问题 I'm starting with OpenId using the dotnetopenid library and, so far, so good, but when I try to login, it shows me the following message: This message has already been processed. This could indicate a replay attack in progress. The first time I used my app it failed and, after that, the above message it is always returned. How can I "logout" the user that I'm using for testing or how can I can clear the request so I can login/logout? Thanks in advance! =) 回答1: I found the problem, a seely

OpenId with Desktop Application?

阅读更多关于 OpenId with Desktop Application?

问题 We're using an API from a provider; in their next version, they would provide an OpenId server but mostly the users are using their desktop application. An other website we're building would be opened from this application and we supposedly would connect with openid to access the resources stored in this provider. Still I don't understand how this would work if user is already authenticated with the desktop, will they have to authenticate an other time ? What happens if they close their

Issue in Self Signed Client Certificate while processing an Identity Server Client Credentials Flow

阅读更多关于 Issue in Self Signed Client Certificate while processing an Identity Server Client Credentials Flow

问题 I created a Self Signed Certificate for my internal development purpose using MakeCert.exe Step #1 : I Created a Root CA using the following Command makecert -n "CN=Bala root signing authority" -cy authority -r -sv root.pvk root.cer Step #2 : Installed the Root CA Certificate which is created in Step #1 using the following Command certutil -user -addstore Root root.cer Step #3 : I Created a Client Certificate using the following Command makecert -pe -n "CN=Bala Client" -a sha1 -cy end ^ -sky

What are the dangers of using OpenID for your website?

阅读更多关于 What are the dangers of using OpenID for your website?

问题 Let's say I create a website like StackOverFlow and decide to use OpenID. What's to prevent me, or anyone else for that matter, from phishing the ID's? That is, how can you truly know that any website is using OpenID and not pretending to? And how do you protect myself against this? Expanding on this, let's say one site did compromise your openID credentials, couldn't they use it on every other site using openID (a global password hack)? Wouldn't then the security of your openID then only be

OAuth? ,OpenID? Neither? Which one should my site support?

阅读更多关于 OAuth? ,OpenID? Neither? Which one should my site support?

问题 I working on a new website and wanted some advice/feedback on OAuth vs OpenID vs Standard site owned username/password. 回答1: You may want to read this article by Malcom Tredinnick which explains what openid and oauth are, and do. They serve different purposes. In summary, openid would be used to uniquely identify users - it's an identity solution. oAuth would provide a means to interact with data that your site's users have access to by allowing the user to grant your site temporary access to

小程序获取用户的openid

阅读更多关于小程序获取用户的openid

wx.login({ success: res => { var code = res.code; //返回code // 小程序appid var appId = 'wxd751fc845c90fbd8'; // 小程序密钥 var secret = '6af97b8d384a4c6d7028b77784de997a'; wx.request({ url: 'https://api.weixin.qq.com/sns/jscode2session?appid=' + appId + '&secret=' + secret + '&js_code=' + code + '&grant_type=authorization_code', data: {}, header: { 'content-type': 'json' }, success: function (res) { // console.log(res) var openid = res.data.openid // console.log(openid) that.globalData.userId = openid } }) } }); 来源： https://www.cnblogs.com/dianzan/p/7797722.html

微信小程序获取openid

阅读更多关于微信小程序获取openid

1、执行 wx.login 获取code， 2、请求https://api.weixin.qq.com/sns/jscode2session获取openid 第一步执行一般都没什么问题，第2步执行在开发工具调试、或小程序体验版的调试模式下都可以获取，但在正式版是无法正常获取的，因为小程序执行wx.request请求访问的url要在后台设置为安全域名，而https://api.weixin.qq.com/sns/jscode2session不能。因此我们只能通过后端来获取openid； wx.login({ success: res => { // 发送 res.code 到后台换取 openId, sessionKey, unionId 　 var code= res.code; wx.request({ 　　　url：'xxxxxxxx?code=res.code', //后台接收code，返回openid的接口 header: { 'content-type': 'application/json' }, success: function (res) { console.log(res); //后台数据　　 } }) } }) 后端访问 https://api.weixin.qq.com/sns/jscode2session 　　　参数：　　　　　　appid

小程序获取微信openId

阅读更多关于小程序获取微信openId

用官网小程序的例子，在用户已经登录成功后，粘贴以下代码可以得到openid 1.小程序获取微信openId wx.login({ 　　success: res => { 　　　　// 发送 res.code 到后台换取 openId, sessionKey, unionId 　　　　// var appid = 'wx958dfed141094376'; //填写微信小程序appid 　　　　// var secret = '0e0caf2901e855bb18718c8ce479cd6d'; //填写微信小程序secret 　　　　if (res.code) { 　　　　//调用request请求api转换登录凭证　　　　wx.request({ 　　　　　　url: 'https://api.weixin.qq.com/sns/jscode2session', 　　　　　　data: { 　　　　　　　　//小程序唯一标识　　　　　　　　appid: 'wx958dfed141094376', 　　　　　　　　//小程序的 app secret 　　　　　　　　secret: '0e0caf2901e855bb18718c8ce479cd6d', 　　　　　　　　grant_type: 'authorization_code', 　　　　　　　　js_code: res

统一认证系统（二）

阅读更多关于统一认证系统（二）

【前言】　　每个系统都需要识别操作者的身份，并根据其不同的身份，分配一定的权限，做一些操作上的限制。随着系统的增多，若是单独给每个系统都设计了一套用户资料和权限管理的机制，并提供了用户登录证认，虽可以解决问题，但是将会带来和用户账号管理不方便，用户资料不统一等等问题。所以，将用户资料整合起来，进行统一管理很多必要。　　本文的目的，将有一定联系，拥有统一用户群的系统进行关联，统一用户的登录资料，并提供统一的登录认证入口，这里称为统一认证系统。【正文】　　1、一般上就是用户输入用户名和密码，点击登录。但是用这样的方法，对开发人员来说，可以偷偷的打印出来啊　　2、Passport 方案，即统一认证，一般是 oauth，例如现在有 Oauth2.0 ，用于第三方应用授权登录得到授权码code 获取access token 通过access token,获取OpenID 通过access token及OpenID调用API,获取用户授权信息来源： https://www.cnblogs.com/panie2015/p/5627445.html

OpenID login workflow?

阅读更多关于 OpenID login workflow?

问题 When someone logs into a site using Open ID, what goes on behind the scene? can someone explain to me the work flow/steps of what happens during a typical login from a partner open ID site? (like this site) i.e. when I login at myopenid, what is passed into this site? how does SO know it was a correct login? 回答1: What is OpenId? OpenID is an open, decentralized , free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL,