All geek questions in one place

Opening an XRDS Public Identifier

I work with Open Id, just playing around creating a class for / auth Open Id interaction on my site (in PHP). I know that there are several other libraries (e.g. RPX), but I want to use my own (well, to help better understand the protocol and whether it is right for me).

The question I have is regarding the public identifier discovery sequence. I basically got to the point of considering using an XRDS document to get the local identifier (openid.identity) from the declared identifier (openid.claimed_id).

My question is: should I make a cURL request to get the XRDS location (X-XRDS ​​location) and then make another cURL request to get the actual XRDS document?

It seems that with a DUMB request, I only make one cURL request and get Open Id Server, but you need to do two in order to use the XRDS Smart method. It just doesn't seem right if anyone else can give me some information.

+3
source share
3 answers

To be complete, yes, your RP needs an HTTP GET at the URL that the user gave you, then search for the link to the XRDS document and, if it finds it, another HTTP GET. Keep in mind that XRDS can be hosted on a different server, so do not encode anything that would require a connection to be the same between two requests, as this may not be the same connection.

If in your initial HTTP GET request you include the HTTP header:

Accept: application/xrds+xml

XRDS, HTML, XRDS. , , HTTP /xrds + xml Content-Type. , RP, , HTTP GET-, .

+2

, , - HTTP-, HTTP- .

, , .

, .. OpenID - -, WebDAV =)

0

I know that I'm late for the game here, but I think you should check the webfinger protocol as well . It accepts the standard email asy userid template and allows you to search from there to discover openid, etc.

0
source

Source: https://habr.com/ru/post/1706955/

More articles:


All Articles