[Code] OpenId on no HTML user-agents
valentino miazzo
valentino.miazzo at blu-labs.com
Wed Feb 3 11:58:12 UTC 2010
Hi,
I'm developing applications for Bluray players and I would like to add
OpenId compatibility of our applications.
For who don't know, a Bluray applications is a sort of applet wrote in
Java 1.3 using AWT for the UI.
You don't have a built-in HTML browser.
As far I can see, all the big OPs are assuming that the user-agent is
able to parse HTML.
Maybe this is not in the standard but seems to be the current de-facto
situation.
I see 3 solutions;
A) we embed a 100% Java HTML browser on our applications.
We did some tests and existing solutions are far from perfect.
Glitches and issues are common.
Not professional nor reliable.
B) we use "reverse engineering" to see how the top OP implemented their
forms and forge the POST request by hand in the bluray application.
As example, for myopenid we need to reverse how these URL
https://www.myopenid.com/signin_submit ,
https://www.myopenid.com/trust_submit should be used.
This solution is fragile. Our application will break each time one OP
changes something in the POST "syntax".
This leads to the solution C.
C) define in the OpenId specification how OP forms use POST to login
and/or change trust lists.
This solution is the best one because it avoids the use of an HTML
browser and is not prone to break suddenly.
Off course this solution would be beneficial for any device can use HTTP
but not HTML.
How impossible is to have such extension to the standard?
What are the problems?
BTW, I saw a post in the BOARD ML: "Question on implementation of
OAUTH/OpenID for Set-top-box".
It cover the same problem but the thread stops without any solution.
Thanks in advance,
Valentino
More information about the Code
mailing list