RelayState in OAuth module


Thomas Zangerl

Jun 15, 2009, 1:06:45 PM
to simple...@googlegroups.com, Leif Johansson
Hello all,

short question:
Would it be possible to introduce a RelayState parameter for OAuth
authorization? Then, for instance authorize.php could redirect the user
back to the site she came from and the OAuth module would also be usable
from web applications and not only from standalone clients.

And then I wanted to ask about the state of IdP discovery in
simplesamlphp's OAuth module ;-)

Thanks and nice evening,
Thomas

Solberg Andreas Åkre

Jun 19, 2009, 2:23:08 AM
to simple...@googlegroups.com

On 15 June 2009, at 19:06, Thomas Zangerl wrote:

> short question:
> Would it be possible to introduce a RelayState parameter for OAuth
> authorization? Then, for instance authorize.php could redirect the user
> back to the site she came from and the OAuth module would also be usable
> from web applications and not only from standalone clients.

Sure! The OAuth thing is just a proof of concept yet. I hope that I
will be able to complete it and make some use-cases where I use it.
Then obviously a RelayState-ish thing will be added.

>
> And then I wanted to ask about the state of IdP discovery in
> simplesamlphp's OAuth module ;-)

I've responded to a workaround for this earlier, was it to you?

Thing is that OAuth uses the SAML 2.0 SP module, which does not support
IdP discovery yet. The SP module will replace the SAML 2.0 SP
functionality in simplesamlphp at some time in the future.... you can
use the built in SAML 2.0 SP instead of the module to get discovery
service (for now). Guess support will be added later this summer..

Andreas

Thomas Zangerl

Jun 19, 2009, 7:51:15 AM
to simple...@googlegroups.com, Leif Johansson
Solberg Andreas Åkre wrote:
>
> On 15 June 2009, at 19:06, Thomas Zangerl wrote:
>
>> short question:
>> Would it be possible to introduce a RelayState parameter for OAuth
>> authorization? Then, for instance authorize.php could redirect the user
>> back to the site she came from and the OAuth module would also be usable
>> from web applications and not only from standalone clients.

> Sure! The OAuth thing is just a proof of concept yet. I hope that I
> will be able to complete it and make some use-cases where I use it.
> Then obviously a RelayState-ish thing will be added.
>
>> And then I wanted to ask about the state of IdP discovery in
>> simplesamlphp's OAuth module ;-)
>
> I've responded to a workaround for this earlier, was it to you?

Yes, thank you for that! For the moment we can use your workaround, I
just wanted to keep the issue somewhat alive :) Also good to know that
we will get a RelayState-ish thingie.


Best regards,
Thomas

Solberg Andreas Åkre

Aug 12, 2009, 2:09:22 AM
to Thomas Zangerl, Leif Johansson, simple...@googlegroups.com
On 15 June 2009, at 19:06, Thomas Zangerl wrote:

> Would it be possible to introduce a RelayState parameter for OAuth
> authorization? Then, for instance authorize.php could redirect the user
> back to the site she came from and the OAuth module would also be usable
> from web applications and not only from standalone clients.

Now, finally I committed support for this.

svn ci -m 'Added support for redirecting back to callback url at the
OAuth Authorize endpoint' www/authorize.php
Sending www/authorize.php
Transmitting file data .
Committed revision 1649.

In OAuth there is a parameter called oauth_callback that works the way
you describe. I did not add support for it earlier as I only did
command line script demos. Now, I am working with a web-based OAuth
client, and therefore I added this support.

I have to emphasise that the OAuth support is still not mature, but I
have plans for improving it a lot in the coming months.

One of the next things that is needed is a registration portal where
you can request and get consumer key/secret.

> And then I wanted to ask about the state of IdP discovery in
> simplesamlphp's OAuth module ;-)

That became available earlier this summer.

Andreas
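
An added illustration of the oauth_callback redirect described in the last message; it is not part of the thread and not SimpleSAMLphp's www/authorize.php. It shows an authorize endpoint that follows the callback only when it matches a URL recorded for the consumer, then appends oauth_token. The function name, the registered-callback list and all sample URLs are assumptions.

```php
<?php
// Added illustration, not SimpleSAMLphp's www/authorize.php.
// buildCallbackRedirect() and the registered-callback list are hypothetical.
// Returns the URL to send the browser to after the user approves the
// request token, or null when oauth_callback must not be followed.
function buildCallbackRedirect(string $callback, string $token, array $registered): ?string
{
    $p = parse_url($callback);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null; // malformed, relative or scheme-relative URL
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true) || isset($p['user']) || isset($p['pass'])) {
        return null; // only plain web URLs without embedded credentials
    }
    // Assumption: the consumer registered exact scheme://host[:port]/path values.
    $base = $scheme . '://' . strtolower($p['host'])
        . (isset($p['port']) ? ':' . $p['port'] : '')
        . ($p['path'] ?? '/');
    if (!in_array($base, $registered, true)) {
        return null; // unknown destination: following it would make this an open redirector
    }
    // Keep the consumer's own query parameters and append the request token.
    parse_str($p['query'] ?? '', $query);
    $query['oauth_token'] = $token; // replaces any oauth_token placed in the callback itself
    return $base . '?' . http_build_query($query);
}

// Constructed sample values, not taken from the thread.
$registered = ['https://consumer.example/oauth/return'];
$samples = [
    'https://consumer.example/oauth/return?page=inbox', // registered: followed
    'https://other.example/oauth/return',               // not registered: refused
    '//other.example/oauth/return',                     // scheme-relative: refused
    'https://consumer.example/oauth/return?oauth_token=stale', // token replaced
];
foreach ($samples as $cb) {
    $target = buildCallbackRedirect($cb, 'constructed-request-token', $registered);
    echo $cb, ' => ', $target ?? 'no redirect, show a confirmation page instead', PHP_EOL;
}
```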
