From sky at viridian-project.de Sun Jun 6 11:46:48 2010 From: sky at viridian-project.de (Leslie P. Polzer) Date: Sun, 6 Jun 2010 13:46:48 +0200 (CEST) Subject: [cl-openid-devel] Patch for user-specific authentication data Message-ID: <3dfcbac1e144d98d644b5a79948d0ff2.squirrel@mail.stardawn.org> Hi, this patch actually contains two things: 1) extra-parameters kwarg for request-authentication-uri and initiate-authentication. This is needed for OpenID extensions, for example OAuth or Attribute Exchange. 2) Additional (multiple) return values handle and authproc for initiate-authentication. Especially the handle is useful for user code to track the process. None of these break backward compatibility. Let me know if you want two separate patches and/or want them in Darcs format. Leslie -------------- next part -------------- A non-text attachment was scrubbed... Name: extra-params-and-return-values.diff Type: application/octet-stream Size: 3142 bytes Desc: not available URL: From avodonosov at yandex.ru Wed Jun 9 22:16:02 2010 From: avodonosov at yandex.ru (Anton Vodonosov) Date: Thu, 10 Jun 2010 02:16:02 +0400 Subject: [cl-openid-devel] Patch for user-specific authentication data In-Reply-To: <3dfcbac1e144d98d644b5a79948d0ff2.squirrel@mail.stardawn.org> References: <3dfcbac1e144d98d644b5a79948d0ff2.squirrel@mail.stardawn.org> Message-ID: <103561276121762@web40.yandex.ru> Hello, Leslie. Sorry for the long silince. Maciej was busy, me too, plus I get write access to the repository only now. I just commited your patch (with adjusted docstrings and README.(org|html|txt). The patch format is OK, but changing documentation would be nice to. How do you track the authentication process with the handle? I would be interested to know how you use cl-openid. Could you tell about your project? Best regards, - Anton 06.06.10, 15:46, "Leslie P. Polzer" : > Hi, > > this patch actually contains two things: > > 1) extra-parameters kwarg for request-authentication-uri > and initiate-authentication. > > This is needed for OpenID extensions, for example OAuth > or Attribute Exchange. > > 2) Additional (multiple) return values handle and authproc > for initiate-authentication. Especially the handle is > useful for user code to track the process. > > None of these break backward compatibility. > > Let me know if you want two separate patches and/or want > them in Darcs format. > > Leslie > From sky at viridian-project.de Thu Jun 10 09:19:42 2010 From: sky at viridian-project.de (Leslie P. Polzer) Date: Thu, 10 Jun 2010 11:19:42 +0200 (CEST) Subject: [cl-openid-devel] Patch for user-specific authentication data In-Reply-To: <103561276121762@web40.yandex.ru> References: <3dfcbac1e144d98d644b5a79948d0ff2.squirrel@mail.stardawn.org> <103561276121762@web40.yandex.ru> Message-ID: <4ebda70c3ba2ef1e4f3d0a589eb0208a.squirrel@mail.stardawn.org> Anton, thanks for your reply and for applying my patch! I'm very sorry about the missing doc strings -- I forgot to change them to reflect my changes to the code. Future patches from me will also change the README docs. > How do you track the authentication process with the handle? > > I would be interested to know how you use cl-openid. > Could you tell about your project? Our project's current focus is to develop a Personal Information Management solution. To collect the user's data we are using OAuth. Unfortunately OAuth has no standardized way to get the user's account name at the provider's site. Yahoo uses OpenID+OAuth for this: you let the user log in via OpenID, get their account name via Attribute Exchange and receive OAuth authorization in the response. Now to track which OpenID+OAuth request belongs to which of our user's provider accounts across requests we need to have a mapping from the OpenID handle to the account object. With plain OAuth we have a similar mapping, from unauthorized request tokens to account objects. If you see a better way to do this without using the handle or if you have more questions then please let me know. Thanks again, Leslie