steamlocker / lightopenid

Automatically exported from code.google.com/p/lightopenid

Feature Google Apps Endpoint Discovery #41

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

This patch introduces Google Apps specific endpoint discovery through the 
additional discover_google_apps($url) method.

It might be helpful for those who wish to implement Google SSO (as described 
here: http://code.google.com/intl/en/googleapps/marketplace/sso.html)

--
idle sign

Original issue reported on code.google.com by idles...@gmail.com on 6 Jun 2011 at 9:49

GoogleCodeExporter commented 9 years ago
One fundamental question: will it work?

As far as I know, if you use Google Apps, you have to answer to `/openid` in 
your domain, which LightOpenID obviously can't do automatically.

Also, it seems that the url is always 
"https://www.google.com/accounts/o8/site-xrds?hd=$domain", so there's little 
point in doing additional discovery. Even if we'd assume that this url may 
change in the future, there's a more probable scenario: that there will be 
more than one Link in the host-meta file, possibly pointing to another service 
(since your code doesn't check that it points to an xrds file).

And the last thing -- it's not standardized yet, and I'd rather not implement 
things that aren't part of the standard.

So in summary, do you really think that it's useful enough to integrate it?
Consider the fact that it would be a provider-specific extension, and that it 
would (in my opinion, unnecessarily) introduce additional complexity in usage 
(users would have to know of this function, while now they just set a correct 
identity).

Original comment by mewp...@gmail.com on 6 Jun 2011 at 11:07
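
The check the comment above asks for (that a host-meta Link really points to an XRDS document) could look like the following. This is an added example, not part of the attached patch or of LightOpenID; the function name `select_xrds_link`, the Link-header style line syntax, the host pinning and the sample input are assumptions.

```php
<?php
// Added example, not LightOpenID code. Function name and sample input are hypothetical.

/**
 * Pick the XRDS location out of a host-meta body, or return null.
 * Assumes Link-header style lines: Link: <url>; rel="..."; type="..."
 */
function select_xrds_link(string $hostMeta, string $expectedHost): ?string
{
    $candidates = [];
    foreach (preg_split('/\r\n|\r|\n/', $hostMeta) as $line) {
        if (!preg_match('/^Link:\s*<([^>]+)>(.*)$/i', trim($line), $m)) {
            continue; // not a Link entry
        }
        // Collect the ;name="value" parameters that follow the <url>.
        $params = [];
        preg_match_all('/;\s*([a-z]+)\s*=\s*"([^"]*)"/i', $m[2], $pairs, PREG_SET_ORDER);
        foreach ($pairs as $p) {
            $params[strtolower($p[1])] = $p[2];
        }
        // Only a link explicitly typed as XRDS is a discovery candidate.
        if (strtolower($params['type'] ?? '') !== 'application/xrds+xml') {
            continue;
        }
        $url = parse_url($m[1]);
        // Require https and the host the caller expects, so an unrelated
        // Link in the same file cannot redirect discovery elsewhere.
        if ($url === false
            || strtolower($url['scheme'] ?? '') !== 'https'
            || strtolower($url['host'] ?? '') !== strtolower($expectedHost)) {
            continue;
        }
        $candidates[] = $m[1];
    }
    // Refuse to guess when the file is ambiguous or has no XRDS link.
    return count($candidates) === 1 ? $candidates[0] : null;
}

// Constructed sample: one unrelated Link plus the XRDS Link.
$sample = <<<TXT
Link: <https://other.example/service>; rel="describedby"; type="text/html"
Link: <https://www.google.com/accounts/o8/site-xrds?hd=example.com>; rel="describedby"; type="application/xrds+xml"
TXT;

var_dump(select_xrds_link($sample, 'www.google.com'));
```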

GoogleCodeExporter commented 9 years ago
It works as far as I can see (tested that today), given that in the discovery 
method I use discover_google_apps() as a last resort before throwing an exception 
(thus making multiple hand calls to discover_google_apps() unnecessary).

We do not have to answer at '/openid'; instead we are just fetching data from the 
host-meta file, and it seems that Google's php-openid discovery plugin 
(http://code.google.com/p/php-openid-apps-discovery/) uses something similar. As 
I understood Google's, there shouldn't be any other link in that file.

But I agree that it is a step to be more vendor-specific than now, and yes 
Google's always been a butthurt %)

Original comment by idles...@gmail.com on 6 Jun 2011 at 12:43