What are the differences between the PHP implementation of the Janrain PHP library OpenID and LightOpenID .
Is another safer?
According to the Google best practices page :
A proper OpenID implementation should:verification of checks of cryptographic signaturesnonces checkDiscovery of the Yadis
A proper OpenID implementation should:
verification of checks of cryptographic signatures
nonces check
Discovery of the Yadis
I assume the Janrain library fulfills all of these requirements since Google recommends the library, but LightOpenID fulfills 1 and 2.
LightOpenID uses a stateless version of the protocol, which makes it much easier than the Janrain library.
(, , ..), LightOpenID . , , .