问题
I'm using DotNetOpenAuth to log in as part of my login process. It works great for handling authentication but the process of retrieving user information from various openId providers is not working very well.
Using MyOpenId I do get full information that I request using a ClaimsRequest with DotNetOpenAuth. It apparently uses the SREG protocol to request and retrieve this content. This works great with MyOpenId, but doesn't do anything for Google or Yahoo and other providers that do not support this protocol (yet?).
Is there a way to retrieve cross provider user information using DotNetOpenAuth (or some other mechanism other than RPX (not looking for another man in the middle :-}) )?
回答1:
I recommend that you look at the actual exchanges that happen. I.e. when your service redirects the user to the provider, find out what parameters are sent, and then, when the user comes back, also find out what parameters are transmitted.
In OpenID 2, there are two ways to request user information: Attribute Exchange (AX), and Simple Registration (SREG). Not sure what SIG is. Whether or not providers implement these protocols, and what information they provide, is their choice (at first, and then hopefully also the user's choice).
I found that Google supports AX, and provides always the email address, and sometimes the user's first and last name. In my experience, Yahoo doesn't provide anything but the claimed ID. As a consequence, I don't accept Yahoo as a provider, see http://pypi.python.org/pypi?:action=openid
回答2:
For clarification I'm posting this link as the answer:
http://www.dotnetopenauth.net/developers/code-snippets/the-axfetchassregtransform-behavior/
This link provides configuration file settings for AXFetchAsSregTransform behavior in a small configuration example (as mentioned by Andrew) which allows using ClaimsRequest() to get both SREG and AX information.
This allows retrieval of some (but not all) request information. For Google it works with email address retrieval at least.
To make a request:
var req = openid.CreateRequest(Request.Form["openid_identifier"]);
var fields = new ClaimsRequest();
fields.Email = DemandLevel.Require;
fields.FullName = DemandLevel.Require;
req.AddExtension(fields);
return req.RedirectingResponse.AsActionResult();
to receive the response:
var claim = response.GetExtension<ClaimsResponse>();
string email = null, fullname= null, password = null;
if (claim != null)
{
email = claim.Email;
fullname = claim.FullName;
}
Note that Google only seems to pick up the email address and it needs DemandLevel.Require, otherwise nothing gets returned.
回答3:
Check out my answer to a very similar question here:
Cannot get attributes from DotNetOpenId response
Addition: Here's a blog post I wrote on the subject as well. Note that I wrote it before I wrote the AXFetchAsSregTransform behavior, so some of it is easier than presented on the blog post. But of particular note, it mentions that Google ignores all attribute requests that are "optional". So you have to make email "required" in order to ever get it.
http://blog.nerdbank.net/2009/03/how-to-pretty-much-guarantee-that-you.html
来源:https://stackoverflow.com/questions/1387438/retrieve-openid-user-information-claims-across-providers