[OpenID] User and password instead of OpenID URL?
Jack
jack at jackpot.uk.net
Thu Nov 1 13:27:35 UTC 2007
Christopher St John wrote:
> On 10/31/07, Martin Atkins <mart at degeneration.co.uk> wrote:
>> thomas Armstrong wrote:
>> That is, if the user enters the username "fred" you could transform it
>> into http://fred.example.com/ before doing the OpenID request, thus
>> avoiding the need to enter a URL.
>>
>
> Section 7.2 "Normalization", rule (3) says that you have to prefix un-
> schemed identifiers with "http://" and use them like that. It's clear
> that http://fred is never going to resolve to anything sensible, but
> would it still be breaking the rules to transform it to
> http://fred.example.com?
I've done this, for a consumer hostname (e.g. this.tld) that serves
delegate URLs. If the user enters an ID (e.g. "fred") that is free of
dots, then treat it as "fred.this.tld", or "this.tld/fred". Then proceed
as per spec.
I don't think this is forbidden, iff the user is attempting to log in to
this.tld; because you are effectively soliciting a local userid, and
then authenticating using OpenID.
IMO it would be cool if some convention for doing this kind of thing
were to appear in the specs.
--
Jack.
More information about the general
mailing list