Hi Andrew and Pete,<div><br></div><div>Thanks for your answers. That makes sense. I'm developing using google web toolkit (GWT) with PHP as my backend. Two questions on this though:</div><div><br></div><div>1) If the user authenticates once with their OP, then hits "allow this site to remember me", I guess I'm returned some info from the OP about that decision. So then I would write a cookie about their decision. What would I include in the cookie - just their OpenID username/url right? That way when they visit my site again, I grab the name from the cookie, then just run the login service again immediately?</div>
<div><br></div><div>2) OpenID looks good and would work well for my webapp, but I also wanted to make a thick-client for both iPhone and Android - I don't see how I would use OpenID there - I definitely don't want to have two authentication systems, one for web users, another for the phone clients, but it looks like this is kind of what I would need to do? I would think that if I tried using OpenID on the cell phones, users would think I'm trying to steal their gmail etc account info?</div>
<div><br></div><div>Thanks,</div><div>Mark</div><div><br><br><div class="gmail_quote">On Mon, Jun 22, 2009 at 9:30 AM, Andrew Arnott <span dir="ltr">&lt;<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi Mark,<div><br></div><div>A user's first visit to your site will never be able to auto-login based on their Google account. The user must first explicitly log in, including seeing the Google UI whether by redirect or popup, in order for Google to know that the user trusts your site enough to log in. From that point on (assuming the user left "allow this site to remember me" checked), you can auto-login that user on that computer by leaving a persistent cookie that hints to your site that they're a google user and then you can use OpenID's checkid_immediate with AJAX to do the background login. That's roughly what Facebook is doing. I wouldn't say it's a polished user experience yet though.</div>
<div><br></div><div>Out of curiosity, what's your web platform? <br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote"><div><div></div><div class="h5">On Sun, Jun 21, 2009 at 10:41 PM, Mark Wyszomierski <span dir="ltr">&lt;<a href="mailto:markww@gmail.com" target="_blank">markww@gmail.com</a>&gt;</span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div class="h5">
Hi,<div><br></div><div>I'm trying to integrate OpenID into my webapp, but it's working a little differently than I expected. </div><div><br></div><div>1) When a new user comes to my site, I have to authenticate them - this means they need to either get redirected to their provider, or the provider needs to have a popup window capability for authentication while still at my site. The redirect is a little jarring, the popup is better, but does anyone find that some users are confused by it/think it's a phishing deal?</div>
<div><br></div><div>2) After authentication is complete, I can write my own session cookie so that if the user revisits my site, I can try to automatically log them back in to my app without re-authenticating through openid. I heard about this Facebook/Google deal where if you're logged into gmail, somehow you're already authenticated for Facebook. If this is true, how would this work? When I first started looking at OpenID, I was hoping the same could work for my webapp. Since most users are logged into gmail anyway, when they visit my site, I could see them as already authenticated with Google and skip step #1? This would be similar to an auto-login.</div>
<div><br></div><div>Thanks for any info </div>
<br></div></div>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
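<div>Added example, not part of the original thread or written by its participants: a sketch of the hint-cookie plus checkid_immediate flow discussed above, in which the cookie only selects a provider from an allowlist and identity comes solely from the OP's response. The provider table, its placeholder endpoint URL, the function names and the result labels are assumptions made for illustration.</div>

```javascript
const OPENID2_NS = 'http://specs.openid.net/auth/2.0';
const IDENTIFIER_SELECT = OPENID2_NS + '/identifier_select';

// Constructed allowlist: hint value -> OP endpoint (placeholder URL; a real
// endpoint comes from OpenID discovery, not from this table).
const PROVIDERS = { google: 'https://op.example/openid/endpoint' };

// The cookie is client-controlled, so it is treated as a hint only: it picks
// an allowlisted provider and never supplies a URL or an identity itself.
function buildImmediateRequest(hintCookie, returnTo, realm) {
  if (!Object.prototype.hasOwnProperty.call(PROVIDERS, hintCookie)) return null;
  const url = new URL(PROVIDERS[hintCookie]);
  const query = {
    'openid.ns': OPENID2_NS,
    'openid.mode': 'checkid_immediate',
    'openid.claimed_id': IDENTIFIER_SELECT,
    'openid.identity': IDENTIFIER_SELECT,
    'openid.return_to': returnTo,
    'openid.realm': realm,
  };
  for (const [key, value] of Object.entries(query)) url.searchParams.set(key, value);
  return url.toString();
}

// Decide what to do with the OP's answer to the background request.
// 'verify-signature' means the cheap checks passed; the assertion signature
// must still be verified (not shown here) before the user is logged in.
function classifyResponse(params, expectedReturnTo, seenNonces) {
  const mode = params['openid.mode'];
  // The OP cannot answer without user interaction: show the normal login UI.
  if (mode === 'setup_needed') return 'interactive-login';
  if (mode !== 'id_res') return 'reject';
  // The assertion must be addressed to the URL this request was sent from.
  if (params['openid.return_to'] !== expectedReturnTo) return 'reject';
  // Each response nonce is accepted once, so a captured response cannot be replayed.
  const nonce = params['openid.response_nonce'];
  if (!nonce || seenNonces.has(nonce)) return 'reject';
  seenNonces.add(nonce);
  return 'verify-signature';
}
```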