Answer the question
In order to leave comments, you need to log in
How to use OpenID without asking the user for their OpenID URL?
I'm bringing up an OpenID provider with DonNetOpenAuth and I'm stuck.
It seems that OpenID implies that on a site that is an OpenID client, the user will enter their OpenID URL and then be redirected to the provider's page. The previously submitted URL is given to the page as a parameter (when using the checkid_setup mode).
But I often see a more convenient solution - for example, in the form of a "Sign in with a Google account" button. Then the user is not asked for any URLs, but simply redirected to a special page on Google, where he either logs in, or simply redirects back if he is already logged in (or selects the account he wants to use if he is already logged in under several accounts) .
How to implement this? Does it have something to do with the check_immediate mode?
In principle, I implement the provider for internal purposes, so I could use OAuth if it is more convenient. Yes, yes, I know OAuth is meant for authorization, not authentication, but it seems that lately this protocol is trying to support all possible use cases.
Answer the question
In order to leave comments, you need to log in
As I understand it (I could be wrong):
The button does not lead directly to Google, but to its own script, which:
1) Requests a document from Google at www.google.com/accounts/o8/id :
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/server</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
<Type>http://specs.openid.net/extensions/pape/1.0</Type>
<URI>https://www.google.com/accounts/o8/ud</URI>
</Service>
</XRD>
</xrds:XRDS>
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question