12  

Since this is one of the top search results when searching for OpenID Database Structures on Google, and the Plaxo link referenced in the previous answer is no longer around. I've copied and pasted the content of the Plaxo instructions below. I was able to get them by using the wayback machine page referenced here. Keep in mind that because of *'s 30000 character restrictions, I will have to crop certain sections, and Joseph Smarr included some images in his instructions, so you might want to look at the wayback machine page I referenced. -Jason

因为在谷歌上搜索OpenID数据库结构时，这是最重要的搜索结果之一，并且前面的答案中引用的Plaxo链接已经不复存在。我已经复制粘贴了下面Plaxo指令的内容。我可以使用这里引用的wayback机器页面来获得它们。请记住，由于*的3万个字符限制，我将不得不裁剪某些部分，而Joseph Smarr在他的指令中包含了一些图像，所以您可能想要查看我引用的wayback machine页面。杰森

A Recipe for OpenID-Enabling Your Site

Prepared by Joseph Smarr at Plaxo on July 18, 2007.

2007年7月18日，约瑟夫·斯玛在Plaxo编写。

This is a step-by-step tutorial guide for implementing OpenID consumer-side support with a web site that already has users with accounts. It will explain how to easily let new users sign up for an account on your site using their OpenID URL and how to let existing users attach their OpenID(s) so they can sign in using them.

这是一个循序渐进的教程指南，用于实现OpenID客户端支持，该网站已经拥有帐户用户。它将解释如何方便地让新用户使用他们的OpenID URL注册您的站点上的一个帐户，以及如何让现有用户附加他们的OpenID，以便他们可以使用它们登录。

I developed this guide by talking to fellow OpenID developers at the Internet Identity Workshop and elsewhere, and by implementing OpenID support for Plaxo using these instructions. I've also posted detailed screenshots of Plaxo's implementation for reference. I've intended for this guide to be clear and complete and to follow best-practices, but if you have any questions or feedback, please let me know at ob_male('joseph','plaxo.com'); or by posting a comment on Plaxo's blog.

我在Internet Identity研讨会和其他地方与OpenID开发人员进行了交谈，并使用这些说明实现了对Plaxo的OpenID支持。我还发布了Plaxo的实现的详细截图，以供参考。我希望本指南清晰完整，并遵循最佳实践，但如果您有任何问题或反馈，请在ob_male('joseph'，'plaxo.com')让我知道;或者在Plaxo的博客上发表评论。

This guide may look a bit long, but my hope is you can just follow it straight through without thinking much, and you'll be completely done by the time you reach the end! :)

这个指南可能看起来有点长，但我希望你可以直接按照它进行，而不需要想太多，你将完全完成，当你到达终点!:)

Overview

I'm assuming your web site currently has:

我假设你的网站目前有:

• A user database with rows for each user
  • Each user has a unique internal user ID
  • 每个用户都有一个惟一的内部用户ID。
  • Users currently sign in using a username/e-mail and password
  • 用户目前使用用户名/电子邮件和密码登录
• 一个用户数据库中，每个用户都有一个唯一的内部用户ID，用户当前使用用户名/电子邮件和密码进行签名
• A registration flow for signing up new users and getting collecting basic profile info
• 注册流程，用于注册新用户并获取基本的配置信息
• A signin page for authenticating users
  • Internally you authenticate users based on username/e-mail and password, look up their unique user ID, and use it in the rest of your site
  • 在内部，您根据用户名/电子邮件和密码对用户进行身份验证，查找他们的唯一用户ID，并在站点的其他部分使用它
• 用户身份验证的登录页面，您可以基于用户名/电子邮件和密码对用户进行身份验证，查找他们的唯一用户ID，并在站点的其他部分使用它
• A settings page for users to manage their account info.
• 用户管理帐户信息的设置页面。

If your site doesn't look like this, you should still be able to follow along, but some of the sections may not be relevant to you.

如果你的网站看起来不像这样，你仍然可以跟随，但是有些部分可能与你无关。

Snipped.. so check the wayback machine link up above for the rest.

剪掉. .所以，请查看上面的回程机链接。

Implementation details

• Your CGI should take two basic input (query) parameters:
  • openid_url: the OpenID entered by the user (for registration, signin, attaching, etc.)
  • openid_url:用户输入的OpenID(用于注册、登录、附加等)。
  • action_type: the operation the user wants to perform. Possible values will be login, complete, attach, list, and delete. (If you're using Rails or a similar system, these could also be controller methods and thus part of the URL itself.)
  • action_type:用户想要执行的操作。可能的值是登录、完成、附加、列表和删除。(如果您正在使用Rails或类似的系统，这些也可以是控制器方法，因此是URL本身的一部分。)
• 您的CGI应该接受两个基本的输入(查询)参数:openid_url:用户输入的OpenID(用于注册、登录、附加等)action_type:用户想要执行的操作。可能的值是登录、完成、附加、列表和删除。(如果您正在使用Rails或类似的系统，这些也可以是控制器方法，因此是URL本身的一部分。)
• Implement the login action (this is where the UI you added to the registration and signin flows will both submit to)
• 实现登录操作(这是您添加到注册和登录流的UI都要提交的地方)

1. Look up the provided openid_url using the GetUserId function described above.
2. 使用上面描述的GetUserId函数查找提供的openid_url。
3. If the OpenID is already attached to a user in your system, check to see if the user is currently signed in to your site.
4. 如果OpenID已经连接到系统中的用户，请检查用户是否已经登录到您的站点。
1. If the user is not signed in, they are attempting to sign in as an existing user, so prepare to redirect to their OpenID provider, but set a flag to NOT ask the provider for registration info (since the user is not signing up for a new account).
2. 如果用户没有登录，他们将尝试以现有用户的身份登录，因此准备重定向到他们的OpenID提供程序，但是设置一个标记，不向提供程序请求注册信息(因为用户没有注册新帐户)。
3. If the user is already signed in, and this OpenID already belongs to them (i.e. the OpenID URL is mapped to the same user_id as the currently signed-in user), then you don't have to do anything (this user is already signed in and already attached that OpenID, so this is a no-op). This is an edge case.
4. 如果用户已经登录,这OpenID已经属于他们(比如OpenID URL映射到相同的user_id当前登录用户),那么你不需要做任何事(这个用户已经签署了在OpenID和已连接,这是一个空操作)。这是一个边缘情况。
5. If the user is already signed in but the OpenID belongs to a different user, show an error message saying that this OpenID has already been claimed by another user. You can also provide the user the option to sign out and try again. This is an edge case.
6. 如果用户已经签入，但OpenID属于不同的用户，则显示一条错误消息，说明该OpenID已被另一个用户声明。您还可以向用户提供退出和重试的选项。这是一个边缘情况。
5. If the OpenID is NOT currently in your database, the user is trying to sign up for a new account, so prepare to redirect to their OpenID provider and ask for registration info.
6. 如果OpenID目前不在您的数据库中，那么用户正在尝试注册一个新帐户，所以准备重定向到他们的OpenID提供程序并询问注册信息。
7. Save the provided openid_url in your session, since you'll need it to remember it when the OpenID provider redirects back to you, and the provider may not return it to you. If you don't have a session, you can use your database, but it has to be somewhere persistent and protected from user-tampering (i.e. not in a cookie or something that could be changed or forged by the user). 
   (The reason you need to store the requested OpenID is that OpenID lets users delegate their OpenID to another provider behind-the-scenes. For instance, if I try to sign up with the OpenID josephsmarr.com, I may have actually delegated that URL to a different OpenID like jsmarr.myopenid.com, and when the provider returns to you to complete authentication, you need to remember that I wanted to sign up as josephsmarr.com and not jsmarr.myopenid.com. Luckily your OpenID library will most likely handle this for you, but you still have to keep the originally requested OpenID in your session for now. This may be solved in the upcoming OpenID 2.0 spec.)
8. 将提供的openid_url保存在会话中，因为当OpenID提供程序重定向给您时，您需要它记住它，而提供程序可能不会将它返回给您。如果你没有会话，你可以使用你的数据库，但是它必须是一个持久的并且保护不受用户篡改的地方(例如，不在一个cookie或者其他可以被用户修改或伪造的东西中)。(需要存储所请求的OpenID的原因是，OpenID允许用户将其OpenID委托给另一个提供者。例如，如果我尝试注册OpenID josephsmarr.com，我可能已经将该URL委托给了另一个OpenID，比如jsmarr.myopenid.com，当提供者返回给您完成身份验证时，您需要记住我想注册为josephsmarr.com而不是jsmarr.myopenid.com。幸运的是，您的OpenID库很可能会为您处理这个问题，但是您仍然需要将最初请求的OpenID保存在会话中。这可以在即将发布的OpenID 2.0规范中解决)。
9. Construct your return_to URL for the OpenID provider to return to after the user has authenticated. This will be your OpenID login CGI with the complete action specified.
10. 构造return_to URL，以便OpenID提供程序在用户验证后返回。这将是您的OpenID登录CGI，并指定完整的操作。
11. If you've determined above that the user is registering for a new account, decide what registration info to ask for. Most OpenID providers support the simple-registration extension, which is a list of common registration fields that you can request as required or optional for your site, including full name, e-mail, nickname, gender, date of birth, gender, postal code, country, language, and time zone. If you ask for these fields and the user consents to provide them, you can pre-fill them into your registration flow, thus removing time and friction from your registration process. If your OpenID consumer library doesn't natively support requesting simple-registration parameters, see if they have a general facility for supporting extensions, or worst-case you can manually add it to the generated redirect URL before redirecting.
12. 如果您在上面确定用户正在注册一个新帐户，请决定需要什么注册信息。大多数OpenID提供程序都支持简单注册扩展，这是一个公共注册字段列表，您可以根据需要或可选地对您的站点进行请求，包括全名、电子邮件、昵称、性别、出生日期、性别、邮政编码、国家、语言和时区。如果您请求这些字段，并且用户同意提供这些字段，您可以将它们预填充到注册流中，从而消除注册过程中的时间和摩擦。如果您的OpenID使用者库本身不支持请求简单注册参数，请查看它们是否具有支持扩展的通用功能，或者最坏的情况是，您可以在重定向之前将其手动添加到生成的重定向URL。
13. Call checkid_setup in your OpenID library to generate the URL to redirect to the user's OpenID provider. Pass in the (canonicalized) OpenID provided by the user and the return_to URL you constructed above. Also pass in the simple registration info you want if appropriate. Depending on your library, you may need to trap and handle some errors from this function. But assuming everything goes well, it will give you back a URL to redirect to.
14. 调用OpenID库中的checkid_setup来生成URL以重定向到用户的OpenID提供程序。传递用户提供的(规范化的)OpenID和上面构造的return_to URL。如果合适的话，也要传递你想要的简单注册信息。根据您的库，您可能需要捕获并处理这个函数中的一些错误。但如果一切顺利，它将返回一个URL以重定向到。
15. Have your CGI redirect to the provided URL, ideally by issuing a server-side redirect response.
16. 让您的CGI重定向到所提供的URL，最好是通过发出服务器端重定向响应。
17. The user will be redirected to their OpenID provider's web site. They will be asked to sign in (unless they've recently signed in there), they will be asked whether they trust your web site, and if you've asked for simple registration info, they'll be asked what info they want to share with you. Once they complete this process, the OpenID provider will redirect the user back to the return_to URL you supplied, which will then let you initiate your complete action to finish the job.
    
    Here are some screenshots of signing into an OpenID provider (myopenid.com in this case) and being prompted to share some registration info with Plaxo:
    
18. 用户将被重定向到他们的OpenID提供者的网站。他们会被要求签到(除非他们最近在那里签到)，他们会被问他们是否信任你的网站，如果你问他们简单的注册信息，他们会被问他们想和你分享什么信息。一旦他们完成了这个过程，OpenID提供程序就会将用户重定向回您提供的return_to URL，然后您就可以启动完整的操作来完成任务。下面是一些登录到OpenID提供商(这里是myopenid.com)并被提示与Plaxo分享一些注册信息的截图:

...and you're done!

Snipped.. so check the wayback machine link up above for the rest. Joseph goes through some best practices for OpenID, but at this point you should have a working example.

剪掉. .因此，请检查上面的wayback机器连接到上面的其他部分。Joseph介绍了OpenID的一些最佳实践，但是现在您应该有一个可用的示例。