openid

Access recovery mechanism if site only supports OpenID login

假装没事ソ submitted on 2019-12-24 03:06:34
Question: Say I have a site, like StackOverflow, which supports OpenID login only. Suppose someone had an account on the site, bound to his OpenID, and then he lost access to his OpenID provider (that's surely possible and not harder than losing your email password). How would he then restore access to his account? I see two options: one is the usual mail-me-a-key sequence, only appropriate if he had provided an email address. Two is he could have provided a backup OpenID for such emergencies (that's

facebook with openid

你说的曾经没有我的故事 submitted on 2019-12-24 00:52:07
Question: Referencing Is Facebook an OpenID provider? here. This is kind of an additional question based on it. I have also read the article at: What is the "openid" url of facebook? - but I am still pretty confused on the whole ordeal. The goal is for people who use facebook to easily login to our website, not to necessarily integrate with facebook and add things to it (yet). I have read the documentation on facebook connect and am still having trouble grasping exactly what we need to do to

what is call to function $openid->validate do?

两盒软妹~` submitted on 2019-12-23 23:08:01
Question: I'm trying to use openid as my login system. For that I used following code <?php require 'openid.php'; try { if(!isset($_GET['openid_mode'])) { if(isset($_GET['login'])) { $openid = new LightOpenID; $openid->identity = 'https://www.google.com/accounts/o8/id'; $openid->required = array('contact/email'); header('Location: ' . $openid->authUrl()); } ?> <form action="?login" method="post"> <button>Login with Google</button> </form> <?php } elseif($_GET['openid_mode'] == 'cancel') { echo 'User

Janrain OpenId vs lightopenid PHP libraries

别来无恙 submitted on 2019-12-23 21:12:11
Question: What are the differences between the PHP implementation of Janrain's PHP OpenID library and the LightOpenID? Is one more secure than the other? According to Google's best practices page: A correct OpenID implementation has to cover: (1) checking of cryptographic signatures, (2) checking of nonces, (3) Yadis discovery. I'm guessing the Janrain's library does fulfill all these requirements as Google recommends the library, but is the LightOpenID fulfilling 1 & 2. Answer 1: LightOpenID uses the stateless version of

ADFS 4 -'X-Frame-Options' to 'deny'

て烟熏妆下的殇ゞ submitted on 2019-12-23 20:50:39
Question: I have an aspx page embedded in Dynamics CRM. The aspx page uses openId and an adfs application group to authenticate and has been working up until security update KB4493473 (it is an assumption that the update is causing the issue). Prior to the update, when the user loaded the CRM form, the iframe would seamlessly load without issue or authentication prompts. Since the update, the console gives this message: 'https://sts... ... &x-client-SKU=ID_NET451&x-client-ver=5.2.1.0' in a frame

Google Openid: Is this an acceptable way to logout?

旧城冷巷雨未停 submitted on 2019-12-23 20:10:29
Question: I am using google open id on my website as a login system. I ran into some trouble with logging a user out. Destroying the session on the site obviously doesn't log them out of the google account, and on the next login the user automatically logs in with whatever google account the browser is logged into. Looking at a few questions on here, I discovered I could just make a request to https://www.google.com/accounts/Logout I tried using <script type="text/javascript"> $.ajax({ url: "https:/

python-openid doesn't provide ax or sreg attributes

不想你离开。 submitted on 2019-12-23 19:10:26
Question: I've been able to finally get python-openid to authenticate a user, but I'm not able to create a sreg.SRegResponse or ax.FetchResponse as they come back as None. This is coming from a Google Apps account and I'm trying to follow the example from https://github.com/openid/python-openid/tree/master/examples/djopenid. I've heard Google's OpenID system can be a little funky and require some tweaks like Retrieve OpenID AX attributes from Google / Yahoo in Rails response = c.complete(request_args,

Sdk's for getting auth token for posting on facebook / twitter / linked in, then post using nodejs

怎甘沉沦 submitted on 2019-12-23 15:09:11
Question: I am developing an iOS application, in which user set his social status, that status will post on schedule time (that can be after 1,2... week) from cronjob (server side is on nodejs). Please suggest me is there any sdk for this, using that I can get offline permission (Auth token [that token is required for posting]). I know about ShareKit but it's only sharing things. I found a similar question on stack but that doesn't have answer: Answer 1: A quick Google search provided some answers. For

Secure Web Api called by PhoneGap application

柔情痞子 submitted on 2019-12-23 03:53:26
Question: I'm implementing some WebApi to upload/convert/return videos. Another developer will implement a PhoneGap application that will call my WebApi to upload/convert/show videos to users. The PhoneGap application uses OpenId to allow users to login using google and facebook. My problem is that I want to make sure the client that is calling my WebApi has been logged in on the PhoneGap app using google or facebook. I know that all I need is the client to send me a token in the request header that I

How to use FavoriteFlavor attribute in DotNetOpenAuth Attribute Exchange

為{幸葍}努か submitted on 2019-12-23 03:44:09
Question: This code shows how to use Attribute Exchange with DotNetOpenAuth. But what if I have my own closed Provider and want to use custom attributes, for example the FavoriteFlavor attribute defined in the AcmeRequest as part of the DNOA samples; what do I have to do with DNOA to make the request look like something like (but for my FavoriteFlavor request): openid.ns.ax=http://openid.net/srv/ax/1.0 openid.ax.mode=fetch_request openid.ax.required=name,hackergotchi openid.ax.if_available=email,web