What is OpenID?

OpenID is a free, open standard that lets you use a single online identity (like a username and password) to log into many different websites, instead of creating separate accounts for each site.

Let's break it down

  • Identity Provider (IdP): The service that stores your login details (e.g., Google, Microsoft, or a dedicated OpenID provider).
  • Relying Party (RP): The website or app you want to access (e.g., a forum, a news site).
  • Authentication Flow: You click “Log in with OpenID,” the RP redirects you to the IdP, you sign in there, and the IdP sends a confirmation back to the RP that you are who you claim to be. No password is shared with the RP.

Why does it matter?

  • Convenience: One set of credentials for many sites reduces password fatigue.
  • Security: Fewer passwords mean fewer chances for you to reuse weak passwords or fall for phishing.
  • Control: You can choose which IdP to trust and can revoke access from the IdP’s dashboard at any time.

Where is it used?

  • Social login buttons like “Sign in with Google” or “Sign in with Microsoft.”
  • Enterprise single sign‑on (SSO) solutions that let employees access multiple internal tools with one corporate account.
  • Open-source platforms, forums, and content management systems that support OpenID as a login option.

Good things about it

  • User-friendly: Easy for beginners; just click a button and follow familiar login steps.
  • Interoperable: Works across many different services and platforms because it’s an open standard.
  • Reduced password storage: Websites don’t need to store your password, lowering their risk if they get hacked.
  • Flexibility: You can switch IdPs without changing your accounts on the relying parties.

Not-so-good things

  • Dependency on the IdP: If your IdP experiences downtime or you lose access, you can’t log into any linked sites.
  • Privacy concerns: The IdP can see which sites you’re logging into, potentially building a profile of your online activity.
  • Implementation complexity: For developers, correctly handling the OpenID flow and security checks can be tricky.
  • Limited adoption: Some sites still only support traditional username/password logins, so OpenID isn’t universal yet.