[OpenID] User and password instead of OpenID URL?

Jack jack at jackpot.uk.net
Thu Nov 1 13:27:35 UTC 2007


Christopher St John wrote:
> On 10/31/07, Martin Atkins <mart at degeneration.co.uk> wrote:
>> thomas Armstrong wrote:
>> That is, if the user enters the username "fred" you could transform it
>> into http://fred.example.com/ before doing the OpenID request, thus
>> avoiding the need to enter a URL.
>>
> 
> Section 7.2 "Normalization", rule (3) says that you have to prefix un-
> schemed identifiers with "http://" and use them like that. It's clear
> that http://fred is never going to resolve to anything sensible, but
> would it still be breaking the rules to transform it to
> http://fred.example.com?

I've done this, for a consumer hostname (e.g. this.tld) that serves 
delegate URLs. If the user enters an ID (e.g. "fred") that is free of 
dots, then treat it as "fred.this.tld", or "this.tld/fred". Then proceed 
as per spec.

I don't think this is forbidden, iff the user is attempting to log in to 
this.tld; because you are effectively soliciting a local userid, and 
then authenticating using OpenID.

IMO it would be cool if some convention for doing this kind of thing 
were to appear in the specs.

-- 
Jack.



More information about the general mailing list