[Code] Receiving an OpenID authResponse message without a browser

Andrew Arnott andrewarnott at gmail.com
Sat Jan 29 00:58:41 UTC 2011 

+1

Hemal, people who ask for this usually misunderstand OpenID fundamentally.
 It can't protect what you likely are trying to protect with it.  OAuth may
be your answer though.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Fri, Jan 28, 2011 at 8:37 AM, Matthias-Christian Ott <ott at mirix.org>wrote:

> On Fri, Jan 28, 2011 at 09:59:43AM +0530, Hemal wrote:
> > My requirement is to receive an OpenID authResponse from a java class
> > without using a web browser. With the help of openid4java i was able to
> > receive authResponse by writing a servlet.
> >
> > There when the user enters his openid, browser will be redirected to the
> > openid authentication page (if authentication has not been done during
> the
> > session.). Then after successful authentication by the OpenID provider it
> > will redirect to the URL specified by the returnToUrl.
>
> The end user's user-agent is always redirected to the OpenID provider
> by the relaying party in order to verify the end user's identity. But
> most providers, which use user names and passwords, don't show a login
> page if the end user already logged in during the session.
>
> > Because of this redirection I am unable for figure out away to receive a
> > authResponse from a openid provider without using a browser. Can anybody
> > help me in this regards.
>
> If I understand you correctly, you want to authenticate a end user
> without the end user's user-agent, so that end user enters her
> identifier in a form and suddenly she is authenticated.
>
> OpenID can't do that. Roughly speaking, OpenID is designed so that
> the end user presents her identifier which she claims to own to the
> relaying party (i.e. the website she wants to login into) and the
> OpenID provider than checks if the end users owns the identifier and
> tells this the relaying party.
>
> Regards,
> Matthias-Christian
> _______________________________________________
> Code mailing list
> Code at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-code
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-code/attachments/20110128/101680ea/attachment.html>

More information about the Code mailing list