search operators were not applied
Too few matches were found

Ok, as I just have fixed my SMF OpenID endpoint implementation (read details about some very related problems I had here) where I made a few assumptions on those relations. Of course that doesn't prove them right (so please correct me). Here they are:

  • Identifier URL = OpenID endpoint URL = IdP

  • The OpenID endpoint is not unique. It is the same for all end users of that endpoint.

  • Verified identifier URL = identity

  • Verified identifier URL is unique. It is associated to the endpoint user account.

  • https://www.google.com/accounts/o8/id is the Google OpenID endpoint URL.

  • https://www.google.com/accounts/o8/id?id=AltOawk... is the Google OpenID verified identifier URL.

  • The hash the Google OpenID identity URL contains is also related to the OpenID realm (the consumer domain namespace where this OpenID identifier stays valid). That is one of the reasons to not be just the username.

  • About how to provide the unique verified identifier URL, see here.

Still some things remain unclear to me:

  • What other reasons are there that Google uses for the hashed id; it could have also used id?u={username}&oidrealm={...}.

  • What is the reason to have such OpenID realm at all?

  • What exactly is the difference between identifier URL and claimed identifier URL?

Answer from Albert on Stack Overflow
🌐
Stack Overflow
stackoverflow.com › questions › 3260557 › openid-is-the-identifier-url-unique-what-are-the-differences-between-the-ident
OpenID: is the identifier URL unique? what are the differences between the identifiers - Stack Overflow
Top answer
1 of 3
5

Ok, as I just have fixed my SMF OpenID endpoint implementation (read details about some very related problems I had here) where I made a few assumptions on those relations. Of course that doesn't prove them right (so please correct me). Here they are:

  • Identifier URL = OpenID endpoint URL = IdP

  • The OpenID endpoint is not unique. It is the same for all end users of that endpoint.

  • Verified identifier URL = identity

  • Verified identifier URL is unique. It is associated to the endpoint user account.

  • https://www.google.com/accounts/o8/id is the Google OpenID endpoint URL.

  • https://www.google.com/accounts/o8/id?id=AltOawk... is the Google OpenID verified identifier URL.

  • The hash the Google OpenID identity URL contains is also related to the OpenID realm (the consumer domain namespace where this OpenID identifier stays valid). That is one of the reasons to not be just the username.

  • About how to provide the unique verified identifier URL, see here.

Still some things remain unclear to me:

  • What other reasons are there that Google uses for the hashed id; it could have also used id?u={username}&oidrealm={...}.

  • What is the reason to have such OpenID realm at all?

  • What exactly is the difference between identifier URL and claimed identifier URL?

2 of 3
2

Here is my understanding. I am actually just answering the last two questions in your own answer. Hope someone finds these useful.

What is the reason to have such OpenID realm at all?

The realm is used for security. Basically the return_url is checked against the realm, and OpenID specs say they MUST match. Google has taken this one step further, and provides unique verified identifiers for each realm. They might have done as you suggested, and put the realm back in their identifier, but then you could tell by looking at two verified identifiers whether they were the same end-user or not. I think they are trying to keep their identifiers free of identifying information. (ironic, no?)

What exactly is the difference between identifier URL and claimed identifier URL?

The claimed identifier is the one the end-user has specified. This is not their unique identifier. Yahoo is a good example of this. They allow you to specify yahoo.com as your identifier, log into your yahoo account, and return a unique identifier to the openid consumer. This just simplifies the process for the end-user. (And increases the likelihood that they'll use yahoo.com as their openid!)

🌐
HubSpot
blog.hubspot.com › home › website › uri vs. url: what’s the difference?
URI vs. URL: What’s the Difference?
February 13, 2025 - There are two types of URIs: URNs and URLs. A uniform resource name (URN) is a persistent and location-independent identifier that follows the “urn” scheme.
🌐
GoDaddy
godaddy.com › resources › skills › domains › uri vs url vs urn: what’s the difference and why it matters
URI vs URL vs URN: What’s the difference and why it matters - GoDaddy Blog
A URN is a type of URI that identifies a resource by name, not by where it’s located or how to access it. URNs are built to be persistent and location-independent, which makes them ideal for long-term references..
Published   August 19, 2025
🌐
TechTarget
techtarget.com › whatis › definition › URI-Uniform-Resource-Identifier
What is a Uniform Resource Identifier (URI)? | Definition from TechTarget
01:31
Like a URL, a URN identifies a resource. But unlike a URL, a URN is location-independent and persistent, meaning it always identifies the same resource over time.
🌐
Elementor
elementor.com › blog › resources › uri vs. url: the complete technical guide for web creators
URI vs. URL: The Complete Technical Guide for Web Creators
November 12, 2025 - Now we come to the less-known, non-location-based identifier: the Uniform Resource Name (URN). A URN is a type of URI that aims to provide a unique, persistent, location-independent name for a resource.
🌐
Stack Overflow
stackoverflow.com › questions › 46395872 › how-can-i-define-a-unique-url-for-a-user-without-using-their-id
How can I define a unique URL for a user without using their ID?
Top answer
1 of 1
1

This is known as a hash ID, a unique identifier typically generated from a unique attribute like an entity's primary key in the database. Hash IDs are usually shorter than typical hashes created by cryptographic hashing algorithms such as MD5 or SHA-256 and, unlike these, hash IDs are usually reversible, meaning we can decode the original value. They reduce exposure of your application's internal implementation which can improve security.

Check out hashids.org. This site provides implementations in various programming languages.

Unless you have a good reason to do otherwise, avoid generating the hash IDs in the client. By creating the hash IDs on the server, you can guarantee that the IDs are unique and consistent with identifiers used by whatever mechanism your application stores data through.

Edit for comment - here's the procedure you might follow to use a hash ID in a URL:

Let's assume that we're using hash IDs to create links to user profiles. When we generate a page that contains a link to a profile, our application will:

  1. Convert the user ID (ex. 5) to a hash ID (ex. 3ac4jx60)
  2. Show the page with a link like http://example.com/user/3ac4jx60

If the site visitor clicks that link, the application will receive the request and:

  1. Decode the hash ID in the URL to get the user ID (3ac4jx605)
  2. Use the user ID to fetch the appropriate record and display the user's profile
🌐
W3C
w3.org › Addressing › URL › uri-spec.html
Universal Resource identifiers in WWW
The fragment-id follows the URL of the whole object from which it is separated by a hash sign (#). If the fragment-id is void, the hash sign may be omitted: A void fragment-id with or without the hash sign means that the URL refers to the whole object. While this hook is allowed for identification of fragments, the question of addressing of parts of objects, or of the grouping of objects and relationship between continued and containing objects, is not addressed by this document.
🌐
GoDaddy
godaddy.com › home › uri vs url vs urn: the main differences and why it matters
URI vs URL vs URN: the main differences and why it matters - GoDaddy Resources - UAE English
April 6, 2026 - A URN is another type of URI that is used to identify a resource by its name. As mentioned above. a URN is a type of URI that identifies a resource by its name rather than its location.
🌐
Medium
medium.com › @gaspm › nano-id-popular-secure-and-url-friendly-unique-identifiers-1fa86c9fdf7c
Nano ID: Popular, Secure, and URL-Friendly Unique Identifiers | by Michal Gasparik | Medium
December 12, 2024 - The truth is, that Nano ID looks much more friendly in URLs when combined with a so-called slug text compared to the UUID.
Find elsewhere
🌐
Google Cloud
cloud.google.com › blog › products › api-management › api-design-choosing-between-names-and-identifiers-in-urls
API design: Choosing between names and identifiers in URLs | Google Cloud Blog
November 18, 2018 - Faced with these tradeoffs, which style of URL should you choose? The best response is not to choose: you need both to support a full range of function. Providing both styles of URL gives your API a stable identifier as well as the ease of use of hierarchical names.
🌐
Stack Overflow
stackoverflow.com › questions › 31932923 › why-do-we-need-url-identifier-cfbundleurlname-plist-field-to-use-custom-url
Why do we need "URL Identifier" (CFBundleURLName) plist field to use custom URL scheme on iOS? - Stack Overflow
Top answer
1 of 2
11

According to apple docs

The identifier you supply with your scheme distinguishes your app from others that declare support for the same scheme.

Although using a reverse DNS string is a best practice, it does not prevent other apps from registering the same scheme and handling the associated links. Use universal links instead of custom URL schemes to define links that are uniquely associated with your website.

So to answer your question adding a url identifier doesn't change much,but its best to include it,as it is specified by apple.

2 of 2
-4

The URL Identifier is the reversed domain address which is should be the same as your Bundle Identifier e.g. com.companyname.appname

The URL Schemes is the start of the URL e.g 'appname'. When you call this as a URL it targets the bundle identifier which launches the app.

Reference : URL Identifier and URL Schemes

🌐
Network Solutions
networksolutions.com › home › blog › domains & hosting​ › uri vs url: key differences explained with examples
URI vs. URL: Key Differences Explained with Examples
September 25, 2025 - URIs identify resources, URLs specify their locations, and URNs provide persistent, location-independent names. Well-structured URLs and correct identifier types improve SEO, web performance, and API design.
🌐
DOI
doi.org › 10.53731 › r294649-6f79289-8cvzr
Persistent Identifiers and URLs
August 17, 2022 - They use the Handle system to resolve the identifier to a location, and this system was built in the 1990s as infrastructure independent of URLs or DNS (Domain Name Service), at a time when it wasn’t clear yet that URLs and associated standards would become ubiquitous.
🌐
Wikipedia
en.wikipedia.org › wiki › Uniform_Resource_Identifier
Uniform Resource Identifier - Wikipedia
1 week ago - For example, in the International Standard Book Number (ISBN) system, ISBN 0-486-27557-4 identifies a specific edition of the William Shakespeare play Romeo and Juliet. The URN for that edition would be urn:isbn:0-486-27557-4. However, it gives no information as to where to find a copy of that book. A Uniform Resource Locator (URL) is a URI that specifies the means of acting upon or obtaining the representation of a resource, i.e.
HistoryDesignFurther reading
🌐
TechTarget
techtarget.com › searchnetworking › definition › URL
What is a URL (Uniform Resource Locator)? Definition from SearchNetworking
01:31
A URL (Uniform Resource Locator, also called a web address) is a unique identifier used to locate a resource on the internet.
🌐
DEV Community
dev.to › mcheremnov › understanding-urls-uris-and-urns-a-beginners-guide-to-web-identifiers-1nfe
Understanding URLs, URIs, and URNs: A Beginner’s Guide to Web Identifiers - DEV Community
September 17, 2025 - Includes: Both URLs and URNs · Analogy: Like saying "identifier" - it could be a name, address, or both · Subset of URI - identifies AND locates a resource · Purpose: Tells you both what the resource is AND how to find it · Analogy: Like a home address - tells you where something is located · Subset of URI - identifies a resource by name · Purpose: Provides a persistent, location-independent identifier ·
🌐
Zapier
community.zapier.com › home › get help › how do i › how to extract a unique id from a url pattern using the zapier formatter?
How to extract a unique ID from a URL pattern using the Zapier Formatter? | Zapier Community
Top answer
1 of 2
1
Hi @ddpancratzGood question.Options:Ask AIZap action: ChatGPT - Extract Structured DataCodeCustom JavaScriptFormatter > Text > SplitMultiple Zap actionsFormatter > Text > Extract PatternTry this:example-domain.com/(\{[^}]+\})/edit
2 of 2
0
A Code by Zapier Python step would do it.Assuming you map that URL to an Input Data field called `url`:```output = [{'part_i_want': input_data['url'].split('/')[-2]}]```
🌐
Intercom
developers.intercom.com › docs › build-an-integration › learn-more › rest-apis › identifiers-and-urls
Identifiers and URLs | Intercom and Fin Developer Platform
The id field is always defined by the API server and is guaranteed to be unique relative to the type field within a given workspace - this means no two user objects will have the same id field, but a user and a company may have the same value for their id fields. Some object types (such as Contact), also support client defined identifiers.
🌐
Crossref
eventdata.crossref.org › guide › data › ids-and-urls
IDs and URLs and the Web - Event Data User Guide
Whilst it's important to record exactly where we looked to find a particular link, it's also important that we represent content as consistently as possible. The above webpage has metadata indicating the canonical URL. When we identify a canonical URL we use this URL as the subj_id in the Event.
🌐
Stack Overflow
stackoverflow.com › questions › 1752350 › generally-a-good-idea-to-always-hash-unique-identifiers-in-url
language agnostic - Generally a Good Idea to Always Hash Unique Identifiers in URL? - Stack Overflow
Top answer
1 of 8
4

Generally with web-sites you're trying to make them easy to crawl and get access to all the information so that you can get good search rankings and drive traffic to your site. Good web developers design their HTML with search engines in mind, and often also provide things like RSS feeds and site maps to make it easier to crawl content. So if you're trying to make crawling more difficult by not using sequential identifiers then (a) you aren't making it more difficult, because crawlers work by following links, not by guessing URLs, and (b) you're trying to make something more difficult that you also spend time trying to make easier, which makes no sense.

If you need security then use actual security. Use checks of the principal to authorize or deny access to resources. Obfuscating URLs is no security at all.

So I don't see any problem with using numeric identifiers, or any value in trying to obfuscate them.

2 of 8
3

Using a hash like MD5 or SHA on the ID is not a good idea:

  • there is always the possibility of collisions. That is, two different IDs hash to the same value.
  • How are you going to unhash it back to the actual ID?

A better approach if you're set on avoiding incrementing IDs would be to use a GUID, or just a random value when you create the ID.

That said, if your application security relies on people not guessing an ID, that shows some flaws elsewhere in the system. My advice: stick to the plain and easy auto-incrementing ID and apply some proper access control.