| Issue 26: | How can I get the friendly OpenID after validation? | |
| 1 person starred this issue and may be notified of changes. | Back to list |
The code for getting the identity property says "We return claimed_id instead of identity, because the developer should see the claimed identifier". That's fine for the login security, but it's distracting to the user when he's managing his OpenID identities in my account control. See stackoverflow, I have a list of my identities and it's not google.com/some-long-blah but it's exactly my domain as I've entered it when logging in, even without the unnecessary http:// stuff. Can I get that URL back from LightOpenID or do I have to remember it elsewhere? Is it safe to remember what the user has entered before redirecting away and using that input later again?
Mar 3, 2011
Project Member
#1
mewp...@gmail.com
Labels:
-Type-Defect Type-Other
Mar 17, 2011
(No comment was entered for this change.)
Status:
Done
Mar 18, 2011
I wasn't asking for an AX or SREG "friendly name", I just wanted to get the original OpenID URI that the user has entered to authenticate. The user doesn't want to know his personal name when managing his OpenIDs in my account, he needs to see his OpenID URIs. Can I use the one he entered in my login form or do I need to ask the OpenId library for it? Which is safe?
Mar 18, 2011
$openid->identity returns a) the (normalized) string an user has entered (that is, claimed_id) b) in case of using identifier_select (Google, for example), whatever the server returns -- because the user didn't enter anything If you used exactly whatever used has provided, you'd have more than one user with the same identifier (that is, for example, https://www.google.com/accounts/o8/id), because some servers select the identity during their authentication process. According to the standard, you should use the claimed identifier as the user's OpenID -- it will be as close as possible to whatever your user has entered as his OpenID without being ambiguous. |