[Openid-specs-ab] Using UserInfo EP from a Javascript Client (was: Implicit grant and javascript clients)

hideki nara hdknr at ic-tact.co.jp
Wed Sep 28 19:18:11 UTC 2011


Thanks Nat.
I'm not a HTML5 specialist. Could anyone  describe how the postMessage can
resolve this Javascript senario?
 An script in IFrame of OP source can post a UserInfo JSON to RP's HTML land
?

----
hdknr

2011/9/28 sakimura <sakimura at gmail.com>

> Actually, we used to have JSONP response in earlier drafts.
>
> It was dropped in preference of HTML5 postMessage, I think.
>
> =nat
>
> On Fri, 16 Sep 2011 14:24:13 +0200, Andreas Åkre Solberg wrote:
>
>> I'm thinking of making a proof of concept Connect client that runs in
>> the browser.
>>
>> I cannot think of a use case where it really makes a lot of sense,
>> though. What do you think?
>>
>> With the implicit grant flow, it is possible and pretty simple to do
>> this proof of concept. You can get an access token, and the id token,
>> and even verify the id token, and extract the user id. What you cannot
>> do, though is access the user info service. To make the user info
>> service work, the only neccessary step; was to add support for JSONP.
>>
>> Is there any good descriptions (concrete examples) available on what
>> use cases the implicit grant flow serves?
>>
>> Andreas
>>
>
> ______________________________**_________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.**net <Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/**mailman/listinfo/openid-specs-**ab<http://lists.openid.net/mailman/listinfo/openid-specs-ab>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110929/0291287a/attachment.html>


More information about the Openid-specs-ab mailing list