openid

Is it possible to achieve SSO with the built-in OpenId on App Engine? I've been trying to integrate a Marketplace app and get the user logged in when coming from Google Apps (the admin panel or universal navigation). I failed miserably, then now I found this: "The one exception to this is applications which do hybrid OpenID/OAuth — whitelisting does not currently work with this approach." (from here ) I assume that I have to implement OpenId using a library instead of using the built-in one to achieve SSO with Google Apps in my app? Or if it is possible with built-in OpenId, is there an

On a website I have implemented the login using OpenID (based on StackOverflow). But I can't seem to logout. On my host I can logout but when the user tries to login again (especially with google) the authentication goes through without requiring the user to type in name and password. How can I indicate to the OpenID Provider that a user is no longer logged into the site? OpenID authenticates users to your site, when then starts a session on your site. You destroy or invalidate your site's session separately from the user's session with their OpenID provider. User visits joewidgets.com > User

I'm looking for a good (Or at least working) implementation of OpenID in erlang. I've looked at several different solutions, but non of them are working 100%. Have your tried eopenid? http://github.com/etnt/eopenid You can contact Tobbe via his blog if you find some problems with it: http://www.redhoterlang.com/entry/be023e5181553216197369bbe32c4039 So far as I know, eopenid supports only OpenID 1.1. I have some code for doing OpenID 2.0, parts of which are based on eopenid, at http://github.com/brendonh/erl_openid (and a quick tutorial at http://taizilla.wordpress.com/2010/07/21/erl_openid/ )

官方文档： https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/login.html 小程序登录 小程序可以通过微信官方提供的登录能力方便地获取微信提供的用户身份标识，快速建立小程序内的用户体系。 登录流程 说明： 调用 wx.login() 获取 临时登录凭证code ，并回传到开发者服务器。 调用 auth.code2Session 接口，换取 用户唯一标识 OpenID 和 会话密钥 session_key。 之后开发者服务器可以根据用户标识来生成自定义登录态，用于后续业务逻辑中前后端交互时识别用户身份。 注意： 会话密钥 session_key 是对用户数据进行 加密签名 的密钥。为了应用自身的数据安全，开发者服务器不应该把会话密钥下发到小程序，也不应该对外提供这个密钥。 临时登录凭证 code 只能使用一次 小程序端执行wx.login后在回调函数中就能拿到上图的code,然后把这个code传给我们后端程序，后端拿到这个这个code后，可以请求code2Session接口拿到用的openid和session_key,openid是用户在微信中唯一标识，我们就可以把这个两个值(val)存起来，然后返回一个键（key）给小程序端，下次小程序请求我们后端的时候，带上这个key

Okay, so using passport.js works, and works well, from what I've seen. However, I'm not sure how to properly exclude certain users. If the application is intended to have restricted access, rather than just providing the user a method for logging in, how can I restrict the login through passport.js? As it stands, users can just visit /login and log in with their Google account, thereby getting access to the internals. Here is one way to do this, with comments throughout. The main thing is understanding this page from the author: http://passportjs.org/guide/authenticate/ , which I explain a