Support IdP discovery for Google hosted domains

jaredhanson / passport-openid

OpenID authentication strategy for Passport and Node.js.

https://www.passportjs.org/packages/passport-openid/?utm_source=github&utm_medium=referral&utm_campaign=passport-openid&utm_content=about

MIT License

98 stars 85 forks source link

Support IdP discovery for Google hosted domains #11

Open jaredhanson opened 11 years ago

jaredhanson commented 11 years ago

Moving https://github.com/jaredhanson/passport/issues/72 to passport-openid.

jaredhanson commented 11 years ago

Spec: Protocol Documentation of OpenID IDP for Google hosted domains

jaredhanson commented 11 years ago

ozten commented 11 years ago

This is great! Our plans for a later release are https://github.com/mozilla/browserid/issues/2932, but maybe your work would make that obsolete.

jaredhanson commented 11 years ago

Interesting, thanks for the link! At first glance, I like Mailstrom's approach better. I haven't fully groked Google's spec linked above, but it seems to require that the hosted domain add host-meta to the non-Google hosted web server. It seems probable that many wouldn't do this, but that they would change MX records (since Gmail is mostly the point of hosted domains with Google), and MX record checking will give you a better success rate.