perl, authentication, openid, google-openid

Question about Google openid.claimed_id


I am using OpenID authentication in my web application. I have two tables, one for storing multiple openid_url values for any user_id, with openid as primary key.

There is another table with user details with user_id as primary key.

My authentication works, and after that I check if the URL returned is available in my openid table. If it's not there, I redirect to a create user form, while if the URL is there, the user is redirected to the page where he was. But I am facing a strange issue wherein the URL returned for my email ID after Google authentication does not match the value stored in the DB a day before or so.

I am not sure if I am missing something or if I have to use something else in OpenID 2.0.

Any clue at this point is highly appreciated.

Edit:

I got one more thread which deals with the information I am looking for: "Why does the ID of Google's OpenID implementation change?"


Solution

  • Google uses unique identifiers for every service provider (relying party).

    Please verify that your site is using a consistent openid.realm. That is the protocol and domain name of your site. For example: https://stackauth.com

    If you mix using a "www." prefix with not using it, or mix http and https, Google will see you as distinct service providers and provide different IDs for the same user.
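
One way to keep openid.realm constant, shown as an added example that is not part of the original answer. It is written in Python because the realm rule is protocol-level; the origin https://example.com/ and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption: one fixed origin for the whole site (constructed value).
CANONICAL_REALM = "https://example.com/"

def origin(url):
    """Return (scheme, host, port), case-folded, with default ports filled in."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or {"http": 80, "https": 443}.get(scheme)
    return scheme, (p.hostname or "").lower(), port

def canonical_redirect(request_url):
    """If the request arrived on another origin (http, www., ...), return the
    same path on the canonical origin; return None when already canonical."""
    if origin(request_url) == origin(CANONICAL_REALM):
        return None
    c, r = urlsplit(CANONICAL_REALM), urlsplit(request_url)
    return urlunsplit((c.scheme, c.netloc, r.path or "/", r.query, ""))

def auth_request_params(return_path):
    """Build the realm-dependent OpenID 2.0 parameters from configuration,
    never from the Host header or scheme of the current request."""
    c = urlsplit(CANONICAL_REALM)
    return_to = urlunsplit((c.scheme, c.netloc, return_path, "", ""))
    select = "http://specs.openid.net/auth/2.0/identifier_select"
    return {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "checkid_setup",
        "openid.claimed_id": select,
        "openid.identity": select,
        "openid.realm": CANONICAL_REALM,   # identical on every login
        "openid.return_to": return_to,     # must sit under the realm
    }

if __name__ == "__main__":
    # Constructed requests: three spellings of the same site.
    for url in ("http://example.com/login",
                "https://www.example.com/login?next=%2Fhome",
                "https://example.com/login"):
        target = canonical_redirect(url)
        print(url, "->", target or "start OpenID, realm " + CANONICAL_REALM)
```

Redirecting to the canonical origin before starting authentication also keeps session cookies and the return_to URL on the same host as the realm.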