Open ID overview

Last updated on
30 November 2016

The OpenID module adds a feature to the User login block and displays a new link allowing a user to sign in using OpenID. The new OpenID link is located below the user/password field, and can be enabled by navigating to Administer > Site building > Modules (in Drupal 7: Administer > Modules), and selecting the checkbox next to the OpenID module.

OpenID is a secure method for logging into many websites with a single username and password. It does not require special software, and it does not share passwords with any site to which it is associated; including your site.

Users can create Drupal accounts using their OpenID. This lowers the barrier to registration, which is good for the site, and offers convenience and security to the users. OpenID is not a trust system, so email verification is still necessary. The benefit stems from the fact that users can have a single password that they can use on many websites. This means they can easily update their single password from a centralized location, rather than having to change dozens of passwords individually.

Note: If OpenID is enabled on a Drupal installation with an existing user base, those users need to assign one or more OpenIDs to their account before they can log in using an OpenID. This is accomplished by each user editing their OpenID identity under their user profile. Attempting to login with an OpenID that is not yet linked can easily lead to the creation of a new user if error messages aren't read or understood - and can be confusing to existing users.

Concept Overview

The basic concept is as follows: A user has an account on an OpenID server. This account provides them with a unique URL (such as When the user comes to your site, they are presented with the option of entering this URL. Your site then communicates with the OpenID server, asking it to verify the identity of the user. If the user is logged into their OpenID server, the server communicates back to your site, verifying the user. If they are not logged in, the OpenID server will ask the user for their password. At no point does your site record, or need to record the user's password.

More information on OpenID is available at