search

teintinu / dyuproject

Automatically exported from code.google.com/p/dyuproject
Apache License 2.0
1 stars 0 forks source link

Resolver logic is incorrect #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. create a resolver endsWith("gmail.com") ->
https://www.google.com/accounts/o8/id
2. try to login with "gmail.com"
3. resolver is not called

4. modify code to always call resolver, even is isResolved() == true

5. still fails, since resolve() methods ignore input is _url != null

What is the expected output? What do you see instead?

Resolver should have been called, and it's result should be taken as id
even if _url is set to something. By definition, resolver knows better than
the generic code, and if resolver decides ID should be changed, so be it.

What version of the product are you using? On what operating system?

1.1.1

Original issue reported on code.google.com by Vladimir...@gmail.com on 15 Feb 2009 at 4:51

GoogleCodeExporter commented 9 years ago 
Actually it is by design.
If the openid_identifier is a url, no need to resolve it as the url is already 
resolved.

If you want to display the email of the google account user in his page, you 
can use 
the GoogleAccount helper class.and get the email via googleAccount.getEmail()

Cheers

Original comment by dyuproj...@gmail.com on 16 Feb 2009 at 9:54

GoogleCodeExporter commented 9 years ago 
The idea is to provide a button "Login with Google" (along with other "Login 
with
AOL", "Login with Live.com",...). When pressed, the input field is populated 
with
"google.com". This is not a URL per se, but a "command" to a resolver and, at 
the
same time, makes perfect sense for a user.

Of course, I could add some custom logic into form which replaces input value 
(it's
too late to do so in servlet as RelayingParty user HttpServletRequest param 
which I
cannot change). But it's overcomplicated. 

The resolvers are to handle special cases. They simply know better. So the good 
idea
is to let all resolvers have their say before considering the input an URL. 
After all
there is a reason developer have added those resolvers. You cannot expect your
generic code handles his requirements better than his resolvers.

Original comment by Vladimir...@gmail.com on 16 Feb 2009 at 2:41

GoogleCodeExporter commented 9 years ago 
"When pressed, the input field is populated with
"google.com". This is not a URL per se, but a "command" to a resolver and, at 
the
same time, makes perfect sense for a user."

For a google account, using "google" as your identifier should not be a problem?

I agree that resolvers know better.
All resolvers will have their say, with the small requirement that your custom
identifiers do not symbolize urls.

And yes, that has been done by a project(google's gerrit2)
See http://gerrit2.source.android.com/Gerrit#all,open,n,z

Cheers

Original comment by david.yu...@gmail.com on 16 Feb 2009 at 3:12

GoogleCodeExporter commented 9 years ago 
> For a google account, using "google" as your identifier should not be a 
problem?

Well, if I manage to make user NOT to enter anything unexpected. :) There are 
"mouse
people" who click on "Click here to login with Google ID" and there are 
"keyboard
people" who feel faster to type "google.com". 

I can put all kind of fuzzy logic into form to prevent that, true. But since we
already have resolvers, it feels natural to use them instead.

> with the small requirement that your custom identifiers do not symbolize urls

You cannot demand it from end-users. They are not robots.

But if you insist, I'm OK with that too. It just every single project using your
OpenID library will have to go through the same hoops.

Original comment by Vladimir...@gmail.com on 17 Feb 2009 at 1:14

GoogleCodeExporter commented 9 years ago

Original comment by dyuproj...@gmail.com on 5 Apr 2009 at 11:13