IRC Log for #openid on 2009-12-21

Timestamps are in UTC.

  1. [00:14:46] * mosites (n=mosites@static-98-112-71-210.lsanca.dsl-w.verizon.net) has joined #openid
  2. [00:45:53] * shigeta (n=shigeta@sakkgw2.sixapart.jp) has joined #openid
  3. [01:24:18] * kengyu (n=lex_@210.242.151.101) has joined #openid
  4. [01:35:59] * kengyu (n=lex_@210.242.151.101) Quit ("暫離")
  5. [01:39:50] * kengyu (n=lex_@210.242.151.101) has joined #openid
  6. [02:00:51] * Stormeh (i=Storm@cpc5-hart9-0-0-cust207.midd.cable.virginmedia.com) Quit (Read error: 104 (Connection reset by peer))
  7. [02:30:43] * marclaporte (n=Miranda@69-165-165-53.dsl.teksavvy.com) has joined #openid
  8. [03:12:29] * mosites (n=mosites@static-98-112-71-210.lsanca.dsl-w.verizon.net) Quit ()
  9. [03:39:16] * Kaliya (n=Adium@adsl-68-125-69-25.dsl.pltn13.pacbell.net) Quit ("Leaving.")
  10. [04:02:49] * kengyu (n=lex_@210.242.151.101) Quit ("暫離")
  11. [04:05:28] * shigeta_ (n=shigeta@sakkgw2.sixapart.jp) has joined #openid
  12. [04:13:09] * Kaliya (n=Adium@adsl-68-125-69-25.dsl.pltn13.pacbell.net) has joined #openid
  13. [04:21:27] * shigeta (n=shigeta@sakkgw2.sixapart.jp) Quit (Read error: 110 (Connection timed out))
  14. [04:57:05] * kengyu (n=lex_@210.242.151.101) has joined #openid
  15. [05:11:39] * dwhittle (n=dwhittle@nat/yahoo/x-xwkehkumrvrhbaxq) has joined #openid
  16. [05:14:03] * dwhittle (n=dwhittle@nat/yahoo/x-xwkehkumrvrhbaxq) Quit (Client Quit)
  17. [05:58:15] * Kaliya (n=Adium@adsl-68-125-69-25.dsl.pltn13.pacbell.net) Quit (Read error: 54 (Connection reset by peer))
  18. [05:58:19] * Kaliya (n=Adium@adsl-68-125-69-25.dsl.pltn13.pacbell.net) has joined #openid
  19. [06:03:58] * Kaliya (n=Adium@adsl-68-125-69-25.dsl.pltn13.pacbell.net) Quit ("Leaving.")
  20. [08:01:11] * dwhittle (n=dwhittle@nat/yahoo/x-kapworuafxsdicbm) has joined #openid
  21. [08:14:11] * dwhittle (n=dwhittle@nat/yahoo/x-kapworuafxsdicbm) Quit ("...")
  22. [08:43:37] * bortzmeyer (n=bortzmey@batilda.nic.fr) has joined #openid
  23. [09:00:58] <bjornbjorn> to add extra (custom) info to an openid request do you use the PAPE request or something else?
  24. [09:17:17] <flaccid> bjornbjorn: AX or SReg
  25. [09:18:47] <bjornbjorn> ok, I don't need info from the user I just want something back with the authentication request that lets me know if this was a login request or a registration request
  26. [09:19:55] <flaccid> the spec covers that
  27. [09:33:41] <bjornbjorn> thanks, looks like AX is what I'm looking for
  28. [09:37:54] <flaccid> coolio
  29. [09:38:23] <flaccid> still you can work that out without ax by doing logic on the params to see what stage of the auth process it is in
  30. [09:38:37] <flaccid> in terms of registration, openid doesn't do registration
  31. [09:42:58] <bjornbjorn> yeah, I just need some info in my callback script to know if I'm going to create a user account, login to an existing, or add the openid to an existing user account
  32. [09:43:36] <bjornbjorn> I see I can just add "?method=login" for instance to the request_to url parameter, that seems like an easy way of just getting that parameter set as well
  33. [09:44:23] <flaccid> no that is client-side and arbitrary, you should be doing a user lookup in your user table
  34. [09:44:29] <flaccid> then doing business logic from that
  35. [09:46:36] <bjornbjorn> hmm, yeah that's true I guess I can assume login if we already have the openid_url in a user table, assume registration if it does not exist in user table AND the user has a session in the CMS, and assume adding an openid_url to a user account if it does not exist in user table and user does have a session
  36. [09:47:06] <bjornbjorn> err .. other way around ;)
  37. [09:47:20] <bjornbjorn> assume registration if there is no openid url in user table and no session
  38. [09:47:33] <flaccid> without user bindings to openid identifiers, a new site can use the openid identifier as a unique field or primary key
  39. [09:48:00] <bjornbjorn> yes, I'm creating an openid addon for a cms with existing users though
  40. [09:48:03] <flaccid> openid identities are unique so instead of a user id, an identity can be used
  41. [09:48:07] <flaccid> that's fine
  42. [09:48:18] <flaccid> you simply have a join/bind table to do userid -> openid url
  43. [09:48:19] <bjornbjorn> so I've added an extra table (id, member_id, openid_url)
  44. [09:48:27] <bjornbjorn> yepp
  45. [09:48:32] <flaccid> you got it!
  46. [09:48:50] <bjornbjorn> so the callback script will just need some AI instead of that "method" parameter I was thinking of adding ;)
  47. [09:49:01] <bjornbjorn> thanks for your input :)
  48. [09:49:22] <flaccid> hmm im not sure if callback is the right term here. its a controller that has business logic based on the model data
  49. [09:51:43] <bjornbjorn> when I say "callback script" I refer to the script that is specified in the "openid_return_to" parameter .. I've just called it openid_callback.php for now, but yeah not sure if it best describes what it does ..
  50. [10:00:05] * xpo (n=xpo@bearstech/xpo) has joined #openid
  51. [10:08:37] <flaccid> you don't need that. the OP endpoint can handle all the logic
  52. [10:17:01] <bjornbjorn> that callback script is my endpoint
  53. [10:17:43] <flaccid> in that case, not a good idea to name it like that although doesn't matter
  54. [10:17:59] <bjornbjorn> well, actually I do forward to another page in the CMS but I had a problem with the CMS security filters (not allowing the characters in the URL that are returned from the provider)
  55. [10:18:13] <bjornbjorn> yeah I guess it should be named openid_endpoint.php maybe
  56. [10:19:08] <flaccid> ideally it should just be .../
  57. [10:19:32] <flaccid> URI routing such that is given by frameworks e.g. cakephp in this case are great
  58. [10:19:44] <flaccid> ooops i meant URL in this case
  59. [10:20:19] <bjornbjorn> yeah, I'm using CodeIgniter .. but as I mentioned there was a problem with the framework not allowing characters returned from the provider (the security filters would strip them)
  60. [10:20:23] <bjornbjorn> :-/
  61. [10:23:30] <flaccid> ah right, are you sure that is a limitation of the framework, i'm sure that can be overcome somehow whatever the problem is
  62. [10:24:20] * shigeta_ (n=shigeta@sakkgw2.sixapart.jp) Quit ("Leaving...")
  63. [10:24:56] <bjornbjorn> if it was just the framework, it could be overcome by editing the characters allowed in the URL .. in the config. I'm integrating openID for ExpressionEngine 2.0 though (which is a commercial CMS based on CI) .. so I can't mess around with its security config
  64. [10:25:57] <flaccid> interesting situation
  65. [10:26:05] <bjornbjorn> What I do now is I have an endpoint.php, it will set a secret in the database (connected to the openid_url) and then I will redirect to the cms (with that secret in a POST, and without the illegal characters in the URL) e.g. /openid/login/ .. so I can check there if the secret matches the last one stored in the db, if it does, I'll login the user
  66. [10:26:43] <bjornbjorn> let me know if anything I say sounds like a bad idea to you ;-)
  67. [10:27:39] <flaccid> totally bad
  68. [10:27:42] <flaccid> pretty crazy
  69. [10:27:56] <bjornbjorn> ok, how would you do it?
  70. [10:28:10] <flaccid> are they on the same domain?
  71. [10:28:17] <bjornbjorn> yes
  72. [10:28:19] <flaccid> i.e. http 1.1 hostname in this case
  73. [10:28:25] <flaccid> get them to share sessions
  74. [10:28:56] <bjornbjorn> by "they" you mean endpoint.php and the cms (/openid/login)
  75. [10:28:58] <bjornbjorn> right?
  76. [10:29:16] <bjornbjorn> they are on the same domain yes
  77. [10:30:08] <bjornbjorn> so store the secret in the session instead of revealing it to the client then ;)
  78. [10:30:43] <flaccid> are you using a library for the openid auth? this is an OP right or are you doing OP and RP?
  79. [10:32:58] <bjornbjorn> hmm, I'm using it for openid auth only I guess, to login or register users
  80. [10:36:49] <bjornbjorn> so only RP
  81. [10:37:16] <bjornbjorn> only consumer, this addon is not going to be an openid provider
  82. [10:42:27] <flaccid> cool
  83. [10:42:54] <flaccid> if they can share cookies and sessions then you won't need quirks
  84. [10:43:00] <flaccid> what openid software are you using?
  85. [10:43:07] <flaccid> did you make the backend stuff yourself?
  86. [10:43:26] <bjornbjorn> I'm using the janrain library now .. authentication works fine
  87. [10:43:45] <bjornbjorn> my main job will be to integrate it into EE, so that's what I'm doing now
  88. [10:44:23] <flaccid> if they are on the same domain and you can get them to access each others cookies or get the RP to do the cookie/session in the parent apps then you don't need to hack it
  89. [10:44:54] <bjornbjorn> yeah I will store this "secret" of mine in the session, not cookies
  90. [10:45:17] <bjornbjorn> I think I'll need it, cause I need to redirect back to endpoint.php since EE cannot handle the answer from the openid provider
  91. [10:45:40] <bjornbjorn> so I need endpoint.php (do something) -> redirect -> EE (do login / registration here)
  92. [10:46:15] <bjornbjorn> endpoint.php will basically do authentication, IF authenticated set session with "openid" and authenticated = "yes" .. ok, guess I don't need some secret .. lol
  93. [10:46:35] <bjornbjorn> so the EE side will just check "openid" and if authenticated it will login or register based on that
  94. [10:46:48] <bjornbjorn> it's becoming clearer here methinks ;-) ..
  95. [10:46:56] <bjornbjorn> *lunch* .. brb
  96. [12:00:51] <flaccid> sure that's basically what you do
  97. [12:01:45] <flaccid> hmm well maybe not.
  98. [12:02:55] <bjornbjorn> oh?
  99. [12:06:51] <bjornbjorn> the framework will also clear $_SESSION of course so it didn't turn out to be quite that easy :-/ .. and I can't load the framework because of the illegal url thing. hmmmpfh
  100. [12:11:32] <bjornbjorn> well, anyway if I set the 'last_openid_verified' in the session I can use that in the CMS to get the member_id and log the user in ? .. if I can trust the session to be secure .. I have to be able to trust something :-P
  101. [12:31:17] <flaccid> hmm
  102. [13:22:10] * MacTed (n=Thud@c-24-61-62-241.hsd1.ma.comcast.net) Quit ()
  103. [14:27:30] * MacTed (n=Thud@63.119.36.36) has joined #openid
  104. [14:44:02] * kengyu (n=lex_@210.242.151.101) Quit (verne.freenode.net irc.freenode.net)
  105. [14:45:35] * marclaporte (n=Miranda@69-165-165-53.dsl.teksavvy.com) Quit (Read error: 110 (Connection timed out))
  106. [14:48:40] * kengyu (n=lex_@210.242.151.101) has joined #openid
  107. [15:05:53] * keturn (n=kevint@c-24-20-142-139.hsd1.or.comcast.net) Quit (Read error: 104 (Connection reset by peer))
  108. [15:26:19] * keturn (n=kevint@c-24-20-142-139.hsd1.or.comcast.net) has joined #openid
  109. [16:32:47] * Kaliya (n=Adium@adsl-69-104-3-154.dsl.pltn13.pacbell.net) has joined #openid
  110. [16:35:35] * kcraig (n=kcraig@128.117.82.157) has joined #openid
  111. [16:42:44] * bortzmeyer (n=bortzmey@batilda.nic.fr) Quit ("Leaving.")
  112. [17:08:43] * marclaporte (n=Miranda@69-165-165-53.dsl.teksavvy.com) has joined #openid
  113. [17:29:20] * mosites (n=mosites@static-98-112-71-210.lsanca.dsl-w.verizon.net) has joined #openid
  114. [17:36:00] * gxgcristea (n=gino@ip65-47-28-158.z28-47-65.customer.algx.net) has joined #openid
  115. [17:43:13] * xpo_air (n=xpo@bearstech/xpo) has joined #openid
  116. [17:49:31] * xpo (n=xpo@bearstech/xpo) Quit (Read error: 110 (Connection timed out))
  117. [17:49:31] * xpo_air is now known as xpo
  118. [17:58:55] * marclaporte (n=Miranda@69-165-165-53.dsl.teksavvy.com) Quit ("Miranda IM! Smaller, Faster, Easier. http://miranda-im.org")
  119. [18:02:00] * daleolds (n=daleolds@137.65.156.6) has joined #openid
  120. [18:08:17] * ryanmerket (n=rmerket@out1-1601fw.corp.tfbnw.net) has joined #openid
  121. [18:15:15] * dwhittle (n=dwhittle@nat/yahoo/x-rckoqdpyzykktxrx) has joined #openid
  122. [18:31:01] * dwhittle (n=dwhittle@nat/yahoo/x-rckoqdpyzykktxrx) Quit ("...")
  123. [18:45:29] * xpo (n=xpo@bearstech/xpo) Quit ()
  124. [18:48:27] * xpo (n=xpo@bearstech/xpo) has joined #openid
  125. [18:55:26] * flaccid (n=flaccid@unaffiliated/flaccid) Quit ()
  126. [19:04:56] * xpo (n=xpo@bearstech/xpo) Quit ()
  127. [19:12:42] * gxgcristea (n=gino@ip65-47-28-158.z28-47-65.customer.algx.net) has left #openid
  128. [19:13:49] * Kaliya1 (n=Adium@adsl-69-104-3-154.dsl.pltn13.pacbell.net) has joined #openid
  129. [19:14:23] * Kaliya (n=Adium@adsl-69-104-3-154.dsl.pltn13.pacbell.net) Quit (Read error: 54 (Connection reset by peer))
  130. [19:35:52] * qwp0 (n=qwp0@gw.localnet.sk) has joined #openid
  131. [19:55:18] * qwp0 (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  132. [19:55:40] * qwp0 (n=qwp0@gw.localnet.sk) has joined #openid
  133. [19:57:33] * Kaliya1 (n=Adium@adsl-69-104-3-154.dsl.pltn13.pacbell.net) has left #openid
  134. [20:02:06] * dwhittle (n=dwhittle@nat/yahoo/x-veyxdcjgsourvyfe) has joined #openid
  135. [20:02:25] * keturn (n=kevint@c-24-20-142-139.hsd1.or.comcast.net) Quit (Read error: 104 (Connection reset by peer))
  136. [20:03:40] * qwp0 (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  137. [20:04:30] * qwp0 (n=qwp0@gw.localnet.sk) has joined #openid
  138. [20:10:29] * qwp0 (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  139. [20:18:21] * keturn (n=kevint@c-24-20-142-139.hsd1.or.comcast.net) has joined #openid
  140. [20:44:00] * daleolds (n=daleolds@137.65.156.6) has left #openid
  141. [20:46:05] * daleolds (n=daleolds@137.65.156.6) has joined #openid
  142. [20:49:29] * k42b3_restricted (n=k42b3_re@p508455F6.dip.t-dialin.net) has joined #openid
  143. [20:51:38] * k42b3_restricted (n=k42b3_re@p508455F6.dip.t-dialin.net) Quit (Client Quit)
  144. [21:05:49] * flaccid (n=flaccid@eth384.nsw.adsl.internode.on.net) has joined #openid
  145. [21:12:01] * flaccid (n=flaccid@unaffiliated/flaccid) Quit ()
  146. [21:45:29] * flaccid (n=flaccid@eth384.nsw.adsl.internode.on.net) has joined #openid
  147. [21:58:59] * MacTed (n=Thud@63.119.36.36) Quit ()
  148. [22:00:22] * k42b3_restricted (n=k42b3_re@p508455F6.dip.t-dialin.net) has joined #openid
  149. [22:05:27] * kcraig (n=kcraig@128.117.82.157) Quit (Client Quit)
  150. [22:07:11] * xpo (n=xpo@bearstech/xpo) has joined #openid
  151. [22:12:13] * k42b3_re1tricted (n=k42b3_re@p508455F6.dip.t-dialin.net) has joined #openid
  152. [22:12:29] * k42b3_re1tricted (n=k42b3_re@p508455F6.dip.t-dialin.net) Quit (Client Quit)
  153. [22:13:31] * k42b3_restricted (n=k42b3_re@p508455F6.dip.t-dialin.net) Quit (Read error: 104 (Connection reset by peer))
  154. [22:53:46] * ryanmerk_ (n=rmerket@dsl081-053-212.sfo1.dsl.speakeasy.net) has joined #openid
  155. [23:00:45] * dwhittle (n=dwhittle@nat/yahoo/x-veyxdcjgsourvyfe) Quit ("...")
  156. [23:06:47] * ryanmerket (n=rmerket@out1-1601fw.corp.tfbnw.net) Quit (Read error: 110 (Connection timed out))
  157. [23:09:51] * ryanmerk_ (n=rmerket@dsl081-053-212.sfo1.dsl.speakeasy.net) Quit (Remote closed the connection)
  158. [23:17:16] * ryanmerket (n=rmerket@out1-1601fw.corp.tfbnw.net) has joined #openid
  159. [23:19:36] * daleolds (n=daleolds@137.65.156.6) has left #openid
  160. [23:29:48] * xpo (n=xpo@bearstech/xpo) Quit ()
  161. [23:36:03] * daleolds (n=daleolds@137.65.156.6) has joined #openid
  162. [23:37:30] * daleolds (n=daleolds@137.65.156.6) has left #openid

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.