I am just starting with the library, and am trying to use the
OpenIDLogin control, with an "myad...@gmail.com" ID. However, this
returns an error stating the endpoint could not be found. Is there any
special configuration required?
On a side note, is there a source of documentation for this library? I
could not see any obvious links.
Thank you for the link to to the MSDN style docs, thats what I was
missing (id found the code snippets and am using them to get started).
I understand what you said about gmail not being an OpenID provider,
as I had found passing reference to this before. However, sites like
StackOverflow (which I believe use this library?) allow you to use
this address to log in. Is this some custom support they have written
to allow this, or is this a feature of the library?
No, not that gmail is not a *provider*, but that an email address is
not an OpenID *identifier*. With the exception of the oddball iNames
stuff (e.g. "=drummond"), OpenID identifiers (what you're expected
to type in the OpenID text box) are http or (preferably!) https URLs.
> as I had found passing reference to this before. However, sites like
> StackOverflow (which I believe use this library?) allow you to use
> this address to log in. Is this some custom support they have written
> to allow this, or is this a feature of the library?
Custom code on their end -- "they must be doing some preprocessing on
the user-supplied identifier to see if it's an email address that ends
with gmail.com and replacing it with Google's OP Identifier behind the
scenes," says Andrew.
I expect that StackOverflow has *not* modified Andrew's code, but merely
added logic to their codebehind. I'm not sure how much -- in order to
prove that you are some...@gmail.com, all SO needs to do is send you to
google and request that your email address be sent along with the
assertion. They appear to do that even if you click the simple Google
button, so they might have only added a simple 2-liner, e.g.
// pseudocode warning: I forget the DNOI/DNOA class/property models for
// this, as I haven't touched this part of my SSO app in months
if ( claimedId.Trim().ToLower().EndsWith("@gmail.com" ) {
// GMail: use the standard Google OP endpoint
claimedId = "https://www.google.com/accounts/o8/id";
}
Also, when I log in by entering my gmail address, SO ends up showing me
This OpenID does not have an account on Stack Overflow yet:
https://www.google.com/accounts/o8/id?id=biglongopaqueidstringhere
so I strongly suspect it's just a 2-line kludge to improve the UX
for GMail users (and, arguably, also muddying the waters for OpenID).
(They might have done something fancy like see that the email attribute
sent them by Google matched the address I originally typed, but as far
as I can tell, it's not that fancy.)
-Peter
Why not put that attribute in the codeahead? I don't know what phase
of page processing the URI validation occurs in, but you want it disabled
all the time, right? So why not specify that in the codeahead?
I don't know what the side effects of disabling validation will be, so
I think you'd be wise to add some code to ensure that the URI looks like
a valid http/https URL or other legal OpenID identifier (e.g., an iName).
You don't want somebody specifying some other registered protocol like "hcp"
and tricking your app into doing something unwanted when it begins the
discovery process.
Alternately, have you tried using client-side Javascript to change
user-provided @gmail.com addresses to Google's URL before the client posts
anything back to your app? That's not what Stack Overflow is doing, but
it might be another, slightly less reliable, way to add that intelligence.
-Peter
--
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.