OpenID or OAuth - what to choose, depending on your Drupal project

This is a common question among beginner programmers, who tend to confuse these two Drupal authentication providers. It’s not such a big thing, and after this article you will not have the same doubts every time a project requires a user login... or at least that’s what we’re hoping.

Similarities between OpenID and OAuth

Yes, you are trying to see the differences between the two, not the resemblances. If you are a true beginner, they probably already look the same to you, and you don't really need to see more similarities. Yet this information may help you get the full picture.

First of all, both modules are open web standards and have something to do with authentication, security, and authorization.

Neither OpenID nor OAuth works with a single centralized server. That would be quite dangerous, as a thousand websites use these two modules. In themselves, these two modules make browser redirects to a certain client website, and the other way around, by using SSL and SSO technology.

The best part about these two modules (and the one thing you should remember from this paragraph) is that OpenID and OAuth let you have full control over which strange websites, and possibly not so benevolent users, “talk” to your website... isn’t that what a truly protective parent would do?

The module’s name says almost everything about it

OAuth is a module used mainly for data sharing and communication between services. Let’s say that you have an app on which you can log in with your Twitter account. When you log in with your Twitter account, that app will know exactly what data you’ve shared with Twitter and will act on your behalf. It’s a bit like logging in to those Facebook apps, or even Instagram. With OAuth, the user gives site X, on which s/he is logging in, permission to access the API of site Y, on which s/he has a previously created account. OAuth appeared mainly due to the need to keep a third-party app from seeing or sharing passwords, so some may say that OAuth is a reply and/or an improvement to OpenID.
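As an added illustration (not code from the original article or from any Drupal module), this in-memory Python model walks through the delegation described above: site X obtains a scoped token for site Y's API without ever handling the user's password. The class, method, scope and client names, the user and the password are all constructed, and the flow is a simplified model loosely following the OAuth 2.0 authorization-code pattern rather than a wire-level implementation.

```python
import secrets

class Provider:
    """Site Y (constructed model): holds the user's password and data."""
    def __init__(self):
        self._passwords = {"alice": "correct horse"}   # constructed; stays at Y
        self._data = {"alice": {"profile": "Alice A.", "messages": ["hi"]}}
        self._codes, self._tokens = {}, {}

    def approve(self, user, password, client_id, scopes):
        """The user logs in at Y and consents; Y hands back a one-time code."""
        stored = self._passwords.get(user)
        if stored is None or not secrets.compare_digest(stored, password):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, client_id, frozenset(scopes))
        return code

    def exchange(self, code, client_id):
        """Site X swaps the code for an access token; a code works only once."""
        user, owner, scopes = self._codes.pop(code, (None, None, None))
        if user is None or owner != client_id:
            raise PermissionError("invalid or reused code")
        token = secrets.token_urlsafe(24)
        self._tokens[token] = (user, scopes)
        return token

    def api_get(self, token, resource):
        """API call by X on the user's behalf, limited to the granted scopes."""
        user, scopes = self._tokens.get(token, (None, frozenset()))
        if user is None or resource not in scopes:
            raise PermissionError("token does not cover " + resource)
        return self._data[user][resource]

def denied(call):
    """Return True when the provider refuses the call."""
    try:
        call()
    except PermissionError:
        return True
    return False

def run_flow():
    y = Provider()
    # The password is typed at site Y only; site X sees the code, then the token.
    code = y.approve("alice", "correct horse", "site-x", {"profile"})
    token = y.exchange(code, "site-x")
    return {"profile": y.api_get(token, "profile"),
            "messages_denied": denied(lambda: y.api_get(token, "messages")),
            "replay_denied": denied(lambda: y.exchange(code, "site-x"))}
```

Calling `run_flow()` shows the three properties that matter here: the granted scope is readable, a resource outside the grant is refused, and a reused code is rejected.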

OpenID is generally used on Drupal multisites, as this module lets the website’s users log in on all multisite instances. OpenID lets a third party authenticate your users for you, by using accounts they have.

The module uses a single set of credentials to let a user log into one or more websites or applications. It is commonly used by beginners, as it is easier to implement and does not require as much time spent on coding and implementation. Yet, do not underestimate this authentication procedure.

In itself, there is little difference between the two authentication systems, yet OAuth best suits a wide range of projects and is widely recommended. The major improvement of OAuth is that it uses HTTP Basic credentials (username and password) to provide an API, a feature that is not available for OpenID.

How to use the modules

Set up a server, be that SSO or SSL... most people pay for them. As said before, these modules do not use a centralized server, so they will be implemented on the client’s server. So, no matter which module you are using, a secure server will be required.

As mentioned before, OpenID is simpler to implement than OAuth. You will find all the specs and libraries on the OpenID website.

In the case of OAuth, some research will be needed before starting the installation of the module. Again, if you are a beginner, the whole procedure may prove a bit too tricky, as you will have to learn more about the PECL repository and the PEAR packaging system. Then you will proceed to the actual installation of the module as presented on the page. The detailed procedure may seem a bit difficult at the beginning, yet with a lot of patience you will most surely be able to carry it out.

If you have problems, do not hesitate to contact us. The contact form below is waiting for your questions.
