[OpenID] hidden iframes to test whether OP is up

Andrew Arnott andrewarnott at gmail.com
Tue Jul 14 00:45:19 UTC 2009 

As long as your in a hidden iframe, I haven't really had a problem detecting
whether an OP is "up". I just send a checkid_immediate their way an a hidden
iframe, and if the iframe never gets redirected back to the RP, then the OP
is "down".  There's a timeout after which the RP's javascript decides "ah,
the OP is down or too slow to wait".
The only problem this has is that some OPs break the rules and show UI even
for checkid_immediate.  But since the iframe is hidden, this just results in
a timeout closing the iframe.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


2009/7/13 SitG Admin <sysadmin at shadowsinthegarden.com>

> To use a hidden iframe at the RP to attempt the checkid_immediate could
>> result in something like the Facebook auto-login experience where the user
>> sees the Facebook login page for a few seconds and then is automatically
>> dragged into his account, which met with some "what the heck just happened?"
>> questions from users.
>>
>
> It would be nice if the top-level page could detect whether the framed page
> had been accessed successfully or not, and then respond to it by informing
> the user and, if necessary, asking what to do next. Would the
> document.domain setting allow for this?
> http://www.dyn-web.com/tutorials/iframes/
> But then we don't want to send the user to *log in* at their OP right away,
> since their OP probably doesn't want to let arbitrary RP's see the page
> they're presenting to a known user; still, we don't need to, as we can
> redirect them that way *after* they've confirmed that they can *see* the OP.
> So, perhaps a page at the OP that ignores any identifying information the
> user may send along with a request, and is able to set document.domain for
> the purpose of letting RP's see that the user can indeed *visit* that OP?
>
> -Shade
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090713/fb91fa55/attachment.htm>

More information about the general mailing list