[cl-openid-devel] Patch for user-specific authentication data
Leslie P. Polzer
sky at viridian-project.de
Thu Jun 10 09:19:42 UTC 2010
Anton,
thanks for your reply and for applying my patch!
I'm very sorry about the missing doc strings -- I forgot to
change them to reflect my changes to the code.
Future patches from me will also change the README docs.
> How do you track the authentication process with the handle?
>
> I would be interested to know how you use cl-openid.
> Could you tell about your project?
Our project's current focus is to develop a Personal Information
Management solution. To collect the user's data we are using
OAuth. Unfortunately OAuth has no standardized way to get the
user's account name at the provider's site.
Yahoo uses OpenID+OAuth for this: you let the user log in via
OpenID, get their account name via Attribute Exchange and
receive OAuth authorization in the response.
Now to track which OpenID+OAuth request belongs to which of
our user's provider accounts across requests we need to have
a mapping from the OpenID handle to the account object.
With plain OAuth we have a similar mapping, from unauthorized
request tokens to account objects.
If you see a better way to do this without using the handle
or if you have more questions then please let me know.
Thanks again,
Leslie
More information about the cl-openid-devel
mailing list