Identifier_select response

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Wed Feb 6 12:45:13 PST 2008


Thanks Kevin,

Kevin Turner wrote:
> e.g. 
>
> if (req->idSelect()) {
>     # If we need to do identity selection, log me in as kevin.janrain.com,
>     # which delegates to the keturn.myopenid.com account.
>     claimed_id = "http://kevin.janrain.com/"
>     identity = "https://keturn.myopenid.com/"
>     req->answer(True, server_url, identity, claimed_id)
> }
>   
OK, now the following:

At this stage the RP sends this: [openid_claimed_id] => 
http://specs.openid.net/auth/2.0/identifier_select

How do you know that the claimed_id field is supposed to be 
"http://kevin.janrain.com/"?
All I know is that a request against my server was made and if the user 
is logged in I know his ID. Obviously I'm able to build the identity 
field, else bumping to log the user in. What am I supposed to do with 
the claimed_id? At this stage the $request->identity has the value 
"http://specs.openid.net/auth/2.0/identifier_select".

>
> When using the OP-driven identifier selection flow, the RP needs to make
> at least two discovery requests.  The first discovers the OP and
> endpoint, as marked by Type Auth_OpenID_TYPE_2_0_IDP.
OK, that's easy, no problem with that.
>   Then, after you
> do the redirect and receive the assertion in the id_res message, the RP
> does discovery on the claimed identifier, marked by Type
> Auth_OpenID_TYPE_2_0, to make sure that the OP endpoint it received the
> assertion from is actually authoritative for that claimed identifier.
>   
OK, slowly now. First the xrds sends "Auth_OpenID_TYPE_2_0_IDP". If I 
can send the identity as in your example of idSelect() above the rest 
should be rather easy, but I think the show stopper I'm having is the 
part above, i.e. the consumer always returns "OpenID authentication 
failed: No OpenID information found at 
http://specs.openid.net/auth/2.0/identifier_select"
> Since that second request is for the claimed identifier, that's how you
> identify it, rather than by session.
>   

-- 
Regards 
 
Signer:  	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:  	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog:  	Join the Revolution! <http://blog.startcom.org>
Phone:  	+1.213.341.0390
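
Added example (not from the original message or from the OpenID library under discussion): the OP-side substitution of identifier_select and the RP-side second discovery described in the thread, in Python. The names `op_answer`, `rp_verify`, `discover`, the `USER` record and the endpoint `https://op.example/server` are hypothetical; only the two identifier URLs come from Kevin's snippet.

```python
IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"

def op_answer(request, op_endpoint, user):
    """OP side: build the positive assertion fields for a logged-in user.

    `user` is a hypothetical record holding the claimed_id and OP-local
    identity the OP has on file for the session.
    """
    if request["openid.identity"] == IDENTIFIER_SELECT:
        # The request names no identifier; the OP fills in both values
        # itself instead of echoing the placeholder back.
        claimed_id, identity = user["claimed_id"], user["identity"]
    else:
        claimed_id = request["openid.claimed_id"]
        identity = request["openid.identity"]
        if identity != user["identity"]:
            raise PermissionError("request is for a different identity")
    return {"openid.mode": "id_res", "openid.op_endpoint": op_endpoint,
            "openid.claimed_id": claimed_id, "openid.identity": identity}

def rp_verify(assertion, discover):
    """RP side: second discovery, on the claimed identifier in id_res.

    `discover(url)` is a stand-in that returns (op_endpoint, local_id)
    pairs found at `url`; a real RP fetches and parses the XRDS/HTML.
    """
    claimed_id = assertion["openid.claimed_id"]
    if IDENTIFIER_SELECT in (claimed_id, assertion["openid.identity"]):
        return False  # placeholder was echoed back; nothing to discover
    return (assertion["openid.op_endpoint"],
            assertion["openid.identity"]) in discover(claimed_id)

# Constructed sample data; only the two identifier URLs come from the thread.
OP_ENDPOINT = "https://op.example/server"
USER = {"claimed_id": "http://kevin.janrain.com/",
        "identity": "https://keturn.myopenid.com/"}
XRDS = {"http://kevin.janrain.com/": [(OP_ENDPOINT, USER["identity"])]}

def discover(url):
    return XRDS.get(url, [])

REQUEST = {"openid.mode": "checkid_setup",
           "openid.claimed_id": IDENTIFIER_SELECT,
           "openid.identity": IDENTIFIER_SELECT}

if __name__ == "__main__":
    assertion = op_answer(REQUEST, OP_ENDPOINT, USER)
    print(assertion["openid.claimed_id"], rp_verify(assertion, discover))
```

The RP accepts the assertion only when the endpoint and OP-local identifier it received match what discovery on the claimed identifier returns, so an endpoint that is not listed for that identifier is rejected.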
 
