I am getting ready to start a project that requires using OpenID within Coldfusion 8. I have found a number of different options and was wondering what has worked the best, get's the most support, stays up to date, etc…
I'd vote for OpenID CFC---but maybe that's because I'm one of the project's developers... ;-)
So although I'm obviously biased, here's why I recommend OpenID CFC:
It supports OpenID 2.0 and IS updated fairly regularly when necessary
CFKit OpenID only supports OpenID 1.1
CFOpenID supports OpenID 2.0, but doesn't appear to have been updated for a long time.
I don't know when Jason looked at the libraries or what issues he had, but you shouldn't have any issues if you want to use OpenID CFC. When I updated it to support OpenID 2.0 I made several changes that really simplified the API so it's really easy to use.
RPX is also a good alternative. But it's not free and since it's a third-party system you are relinquishing a little bit of control over the system.
OpenID is about authentication (ie. proving who you are), OAuth is about authorisation (ie. to grant access to functionality/data/etc.. without having to deal with the original authentication).
OAuth could be used in external partner sites to allow access to protected data without them having to re-authenticate a user.
I think the way Uservoice combines username+password with OpenID is elegant.
That said, I disagree with the argument of not using OpenID merely because few people have heard of it. If you offer a few login buttons like "Login with Google" and "Login with Yahoo" alongside your "or, create a new username and password for yourself", then you don't even have to mention OpenID, and yet most users will likely pick the more convenient (OpenID) option without even realizing what they're using (and that's good!)
Best Answer
I'd vote for OpenID CFC---but maybe that's because I'm one of the project's developers... ;-)
So although I'm obviously biased, here's why I recommend OpenID CFC:
I don't know when Jason looked at the libraries or what issues he had, but you shouldn't have any issues if you want to use OpenID CFC. When I updated it to support OpenID 2.0 I made several changes that really simplified the API so it's really easy to use.
RPX is also a good alternative. But it's not free and since it's a third-party system you are relinquishing a little bit of control over the system.