[Code] Receiving an OpenID authResponse message without a browser
Matthias-Christian Ott
ott at mirix.org
Fri Jan 28 16:37:47 UTC 2011
On Fri, Jan 28, 2011 at 09:59:43AM +0530, Hemal wrote:
> My requirement is to receive an OpenID authResponse from a java class
> without using a web browser. With the help of openid4java i was able to
> receive authResponse by writing a servlet.
>
> There when the user enters his openid, browser will be redirected to the
> openid authentication page (if authentication has not been done during the
> session.). Then after successful authentication by the OpenID provider it
> will redirect to the URL specified by the returnToUrl.
The end user's user-agent is always redirected to the OpenID provider
by the relaying party in order to verify the end user's identity. But
most providers, which use user names and passwords, don't show a login
page if the end user already logged in during the session.
> Because of this redirection I am unable for figure out away to receive a
> authResponse from a openid provider without using a browser. Can anybody
> help me in this regards.
If I understand you correctly, you want to authenticate a end user
without the end user's user-agent, so that end user enters her
identifier in a form and suddenly she is authenticated.
OpenID can't do that. Roughly speaking, OpenID is designed so that
the end user presents her identifier which she claims to own to the
relaying party (i.e. the website she wants to login into) and the
OpenID provider than checks if the end users owns the identifier and
tells this the relaying party.
Regards,
Matthias-Christian
More information about the Code
mailing list