[Code] OpenID in SASL using JanRain's PHP library
Simon Josefsson
simon at josefsson.org
Wed Mar 28 19:38:57 UTC 2012
Hi!

I have written an implementation of the OPENID20 mechanism for SASL, and
my example SMTP server is using JanRain's PHP library to do the OpenID
part. Since this environment is a bit unusual -- the initial OpenID
discovery and redirect is not done through a web browser but through
SMTP -- I wanted to reach out to the experts here, to get review of the
code.

The code is here:
http://git.savannah.gnu.org/cgit/gsasl.git/tree/examples/openid20

For an explanation of how the tools work together, see:
http://git.savannah.gnu.org/cgit/gsasl.git/tree/examples/openid20/README

What I'd like in particular to get feedback on is the PHP code
implementing the redirect and RP parts. The initial redirect code is
here:
http://git.savannah.gnu.org/cgit/gsasl.git/tree/examples/openid20/gsasl-openid20-redirect.php

The RP code is here:
http://git.savannah.gnu.org/cgit/gsasl.git/tree/examples/openid20/gsasl-openid20-rp.php

Some questions to trigger your imagination:

1) Is the session-handling appropriate? The redirect tool cannot set
any cookies which the rp tool can inspect. Does this lead to any
problem?

2) What attributes are signed? The Claimed ID? The SREG values?
Should I do any additional calls to make sure something is signed?

Any suggestions? Feedback is appreciated.

/Simon
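
Added example (not part of the original post, the gsasl code, or JanRain's library), relating to question 2: the Python code below checks a positive assertion's `openid.signed` list against the fields OpenID 2.0 section 10.1 requires to be signed, and separates signed from unsigned SREG values. The sample response, host names and the `signed_coverage` helper are constructed for illustration; verifying `openid.sig` itself remains the OpenID library's job.

```python
from urllib.parse import parse_qs, urlencode

# OpenID 2.0 section 10.1: these must always appear in openid.signed;
# claimed_id and identity must appear when present in the response.
ALWAYS_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
SIGNED_IF_PRESENT = {"claimed_id", "identity"}


def signed_coverage(query):
    # Coverage check only: it does not verify openid.sig.
    params = {}
    for key, values in parse_qs(query, keep_blank_values=True).items():
        if len(values) != 1:
            raise ValueError("repeated parameter: " + key)
        if key.startswith("openid."):
            params[key[len("openid."):]] = values[0]

    signed = set(filter(None, params.get("signed", "").split(",")))
    required = ALWAYS_SIGNED | (SIGNED_IF_PRESENT & set(params))
    sreg = {k: v for k, v in params.items() if k.startswith("sreg.")}
    return {
        "missing_required": sorted(required - signed),
        # Only SREG values named in openid.signed are covered by the signature.
        "trusted_sreg": {k: v for k, v in sreg.items() if k in signed},
        "unsigned_sreg": sorted(k for k in sreg if k not in signed),
    }


# Constructed sample: claimed_id and sreg.email are left out of openid.signed.
SAMPLE = urlencode({
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "id_res",
    "openid.op_endpoint": "https://op.example/server",
    "openid.claimed_id": "https://user.example/",
    "openid.identity": "https://user.example/",
    "openid.return_to": "https://rp.example/rp.php",
    "openid.response_nonce": "2012-03-28T19:38:57Zabc",
    "openid.assoc_handle": "h1",
    "openid.sreg.nickname": "alice",
    "openid.sreg.email": "alice@op.example",
    "openid.signed": "op_endpoint,return_to,response_nonce,assoc_handle,"
                     "identity,sreg.nickname",
    "openid.sig": "constructed-not-a-real-signature",
})

if __name__ == "__main__":
    print(signed_coverage(SAMPLE))
```

A response with a non-empty `missing_required` list should be rejected, and values listed under `unsigned_sreg` should not be used for authorization decisions.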