OpenID Immediate Request
Spines
to store the user's openid url in a long living cookie, and then use
an immediate request to authenticate the user next time they visit, as
described in the OpenID Relying Party Best Practices document (http://
wiki.openid.net/Relying-Party-Best-
Practices#StoreprimaryOpenIDinacookieandcheckimmediateatnextsession)
David Yu
// note that the claimedId and the openIdServer should be
persisted in the cookie.
OpenIdUser user = getStoredOpenIdUserFromCookie(request);
assert(user!=null);
OpenIdContext context = relyingParty.getOpenIdContext();
boolean associated = context.getAssociation().associate(user,
context);
assert(associated);
StringBuffer url = request.getRequestURL();
String trustRoot = url.substring(0, url.indexOf("/", 9));
String realm = url.substring(0, url.lastIndexOf("/"));
UrlEncodedParameterMap params = RelyingParty.getAuthUrlMap
(trustRoot, realm, returnTo);
HttpConnector connector = context.getHttpConnector();
HttpConnector.Response r = connector.doGET(params.getUrl(),
(Map<?,?)null, params);
// parse the response
Map<String,String> responseMap = parse(r.getInputStream());
if("setup_needed".equals(responseMap.get("openid.mode")))
{
// redirect the user
response.sendRedirect(responseMap.get("user_setup_url"));
return;
}
// user is authenticated
Let me know if there are any errors.
Cheers
David Yu
params.put("openid.mode", "checkid_immediate");
David Yu
modifications), i've been getting "setup_needed".
I'll try to look around for answers.
Spines
map.put(Constants.OPENID_MODE, Constants.Mode.CHECKID_SETUP);
Seems that the mode is hard coded to setup, maybe allow the mode to be
passed into the method?
Also, have you tried the library with yahoo openid? I'm getting an
error of some sort. I haven't looked much into it though, so it might
be something in my code and not your library.