[OpenID] General questions about 'checkid_immediate'
drecordon at verisign.com
Tue Jan 30 21:16:00 UTC 2007
Rowan hits the nail on the head here. :)
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Rowan Kerr
Sent: Tuesday, January 30, 2007 12:41 PM
To: general at openid.net
Subject: Re: [OpenID] General questions about 'checkid_immediate'
On 1/30/07, David Fuelling <sappenin at gmail.com> wrote:
> How does an OP authenticate a user for an RP *without* user
> interaction on the OP side?
If you use a hidden iframe to make the immediate request, then you can
find out if the user is already logged in. You send your authentication
request in the iframe, and the OP will redirect it back to you through
the browser with pass/fail results.
> Doesn't the user have to "do" something on the OP first (like login,
> or mark an OP as "trusted").
That depends on the implementation of the OP. For example, an OP could
reply to immediate Authentication requests from anywhere regardless of
your relationship, unless they are also trying to do a Fetch with AX.
If your OP wants you to confirm relationships with RP's then the first
time immediate mode request from any RP would fail. Until after you
completed a setup mode request.
general mailing list
general at openid.net
More information about the general