133

Possible Duplicate:
What's the difference between OpenID and OAuth?

What is really the difference between OpenID and OAuth? They look just the same to me.

I should clarify, I'm planning to use them in Drupal, if that makes any difference. So I guess I'm bound by whatever module implementations are available in Drupal.

Community
loop

5 Answers

246

OpenID is a way to specify one identity for multiple sites so you don't need to register over and over again.

OAuth is a way to allow one application access to one account without giving said application your account login information. You can use them in conjunction.

More info: OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing

107

If you have an account (with some private resources) in a website, you can log in with a username/password couple. If an application would like to get some private resources, and if you don't want to give them your username/password, use OAuth.

But if you want to log in to multiple websites with a unique account, use OpenID.

(Some websites use OAuth like OpenID, and OpenID can be used like OAuth if you have some private stuff in your OpenID account.)

Dorian
  • 7
    Just comprised all the information got. Hope this [OpenID & OAuth](http://techastute.blogspot.com/2012/05/openid-authentication-oauth.html) is useful. – raksja May 21 '12 at 20:20
78

OpenID = using login credentials from an OpenID provider (Google) to login to another application (Stack Overflow)

OAuth = Allowing an application (TwitPic) to act on your behalf and to access information from an application that you use (Twitter).

They can be used in conjunction with each other.

gmoore
  • Isn't that the case that Stack Overflow or other websites that belong to stackoverflow like serverfault use OAuth for new user signup using google or facebook and OpenID for signup using other website of their domain like serverfault or askubuntu? In OAuth we can restrict what information is flowing from authentication party (facebook) to service provider (stackoverflow). In OpenID we simply give a certificate symbolizing the person as legal and give access to whole database. Since stackoverflow or askubuntu belong to same domain they can exchange certificates with full access to user databases. – Revanth Kumar May 05 '15 at 23:06
20

OpenID is purely* for multi-site authentication with a single set of credentials.

OAuth is for letting applications access each other securely: data sharing. Think of it as setting a bond of trust between two things, e.g. allowing your Flickr account to post things on your Facebook wall or hooking your Flickr photos into a third-party printing website.

OAuth isn't just about site-to-site. You can link in desktop applications with no real concept of "identity" to an identity-driven site like Facebook or Twitter (e.g. a Twitter client being able to post to your feed without having to store your login details).

There are similarities but OAuth is really all about the service-to-service links.

Oli
20

OpenID is about authentication to many sites with one username.
OAuth is about authorization - site A has permission to call site B's API.

Here's another good article/analogy explaining the differences: http://www.dotnetopenauth.net/about/about-oauth/

Landon Poch
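
The distinction drawn in the answers above, as an added example that is not part of any answer: a simplified Python model in which an identity assertion tells a site who the user is, while a scoped access grant lets an app act on an account without ever holding its password. The HMAC keys, token layout, site names and function names are assumptions made for illustration; they are not the OpenID or OAuth wire formats.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumption): one shared by identity provider and
# relying site, one private to the API that owns the account's data.
PROVIDER_KEY = b"constructed-identity-provider-key"
API_KEY = b"constructed-resource-server-key"

def _sign(key, claims):
    body = json.dumps(claims, sort_keys=True)
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def _verify(key, token):
    body, _, mac = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise ValueError("bad signature")
    return json.loads(body)

# Authentication (OpenID-style): the provider vouches for WHO the user is.
def issue_identity_assertion(user_id, relying_site):
    return _sign(PROVIDER_KEY, {"kind": "identity", "sub": user_id, "aud": relying_site})

def login(assertion, relying_site):
    claims = _verify(PROVIDER_KEY, assertion)
    if claims.get("kind") != "identity" or claims.get("aud") != relying_site:
        raise PermissionError("assertion was not issued for this site")
    return claims["sub"]  # the site learns an identity, nothing else

# Authorization (OAuth-style): the account owner grants an app limited access.
def grant_access(owner, client_app, scopes):
    return _sign(API_KEY, {"kind": "access", "owner": owner,
                           "client": client_app, "scopes": sorted(scopes)})

def call_api(token, needed_scope):
    grant = _verify(API_KEY, token)
    if grant.get("kind") != "access" or needed_scope not in grant.get("scopes", []):
        raise PermissionError("scope not granted: " + needed_scope)
    return f"{needed_scope} for {grant['owner']} via {grant['client']}"

if __name__ == "__main__":
    assertion = issue_identity_assertion("alice", "stackoverflow.example")
    print(login(assertion, "stackoverflow.example"))
    token = grant_access("alice", "twitpic.example", ["post_photo"])
    print(call_api(token, "post_photo"))
```

In this model the relying site checks the audience of the assertion and the API checks the scope of the grant; neither check involves the user's password.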