[Code] allowing users to supply an OP Identifier
Andrew Arnott
andrewarnott at gmail.com
Thu Dec 3 05:25:53 UTC 2009
Oooh... I *hate* when OPs do that. It breaks delegation and can confuse or
frustrate RPs that are trying to verify a specific identity.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Wed, Dec 2, 2009 at 9:03 PM, Yang Zhao <yang at yangman.ca> wrote:
> 2009/12/1 russell muetzelfeldt <russm-lists-openid-net at slofith.org>:
> > What I can't figure out how to make work is our own OP so that it will
> respond to requests against an OP Identifier rather than a user's personal
> Identifier.
> >
> > All the code samples I've found for OPs assume that the users will be
> entering their own Identifier at the RP rather than being prompted for both
> identification and authentication (username/password) at the OP. (Also, I'm
> new to OpenID and don't really understand any of the XRDS/YADDIS stuff that
> seems to drive the discovery process.)
>
> Simply always have your OP ask the user for an identity, and override
> the claimed_id and identity fields in the reply on a successful
> authentication.
>
> In a normal flow, these fields will be populated by values determined
> during discovery. Override them on response to assert a different
> identity.
>
> Cheers,
> --
> Yang Zhao
> http://yangman.ca
> _______________________________________________
> Code mailing list
> Code at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-code
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-code/attachments/20091202/573051be/attachment.htm>
More information about the Code
mailing list