Shedal, 2012-01-17 10:28:52
OAuth

How to use OpenID without asking the user for their OpenID URL?

I'm bringing up an OpenID provider with DotNetOpenAuth and I'm stuck.

It seems that OpenID implies that on a site that is an OpenID client, the user will enter their OpenID URL and then be redirected to the provider's page. The previously submitted URL is given to the page as a parameter (when using the checkid_setup mode).

But I often see a more convenient solution - for example, in the form of a "Sign in with a Google account" button. Then the user is not asked for any URLs, but is simply redirected to a special page on Google, where he either logs in, or is simply redirected back if he is already logged in (or selects the account he wants to use if he is already logged in under several accounts).

How to implement this? Does it have something to do with the check_immediate mode?

In principle, I implement the provider for internal purposes, so I could use OAuth if it is more convenient. Yes, yes, I know OAuth is meant for authorization, not authentication, but it seems that lately this protocol is trying to support all possible use cases.


1 answer(s)
PomanoB, 2012-01-17
@Shedal

As I understand it (I could be wrong):
The button does not lead directly to Google, but to its own script, which:
1) Requests a document from Google at www.google.com/accounts/o8/id:

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <Type>http://openid.net/srv/ax/1.0</Type>
      <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
      <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
      <Type>http://specs.openid.net/extensions/pape/1.0</Type>
      <URI>https://www.google.com/accounts/o8/ud</URI>
    </Service>
  </XRD>
</xrds:XRDS>

2) Parses the response, learns from it the features and extensions supported by the provider, and the address of the page on which the user must log in.
3) Redirects the user to this page, naturally composing the correct request with all fields (openid.ns, openid.mode, etc.).
After authorization, Google redirects the user to the specified openid.return_to, after which our script makes a request to Google to check authorization.
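
Steps 2 and 3 of the answer above, as an added Python example that is not part of the original post or of DotNetOpenAuth: it parses an abridged copy of the quoted XRDS document, accepts only an HTTPS OP endpoint, and builds a checkid_setup request whose openid.claimed_id and openid.identity carry the OpenID 2.0 identifier_select value, which is what lets the site skip asking for an OpenID URL. The function names `op_endpoint` and `auth_redirect` and the realm check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit

OPENID_NS = "http://specs.openid.net/auth/2.0"
OP_SERVER_TYPE = OPENID_NS + "/server"  # service type of an OP Identifier element
IDENTIFIER_SELECT = OPENID_NS + "/identifier_select"
XRD = "{xri://$xrd*($v*2.0)}"  # default namespace of the document above

# Abridged copy of the XRDS document quoted in the answer (runs offline).
SAMPLE_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service priority="0">
    <Type>http://specs.openid.net/auth/2.0/server</Type>
    <Type>http://openid.net/srv/ax/1.0</Type>
    <URI>https://www.google.com/accounts/o8/ud</URI>
  </Service></XRD>
</xrds:XRDS>"""

def op_endpoint(xrds: bytes) -> str:
    """Step 2: pick the HTTPS endpoint of the highest-priority OP service."""
    if b"<!DOCTYPE" in xrds or b"<!ENTITY" in xrds:
        raise ValueError("XRDS must not carry a DTD; refusing to parse")
    root = ET.fromstring(xrds)
    # Lower priority value wins; a Service without one sorts last.
    services = sorted(root.iter(XRD + "Service"),
                      key=lambda s: int(s.get("priority", "1000000")))
    for svc in services:
        types = {(t.text or "").strip() for t in svc.iter(XRD + "Type")}
        uri = next(((u.text or "").strip() for u in svc.iter(XRD + "URI")), "")
        if OP_SERVER_TYPE in types and urlsplit(uri).scheme == "https":
            return uri
    raise ValueError("no HTTPS OP Identifier endpoint found")

def auth_redirect(endpoint: str, realm: str, return_to: str) -> str:
    """Step 3: checkid_setup request that lets the provider choose the account."""
    r, t = urlsplit(realm), urlsplit(return_to)
    # Stricter than the spec (no wildcard realms): same origin, path under realm.
    if (r.scheme, r.netloc) != (t.scheme, t.netloc) or not t.path.startswith(r.path):
        raise ValueError("return_to is outside the realm")
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    sep = "&" if urlsplit(endpoint).query else "?"
    return endpoint + sep + urlencode(params)
```

The assertion that comes back on openid.return_to still has to be verified with the provider, as the last sentence of the answer says, before the claimed identifier in it is trusted.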
