Issue 41: Feature Google Apps Endpoint Discovery
Status:  New
Owner: ----
Reported by idles...@gmail.com, Jun 6, 2011
Hi,

This patch introduces Google Apps specific endpoint discovery through the additional discover_google_apps($url) method.

It might be helpful for those who wish to implement Google SSO (as described here: https://code.google.com/intl/en/googleapps/marketplace/sso.html)

--
idle sign
loid.patch (1.2 KB)
Jun 6, 2011
Project Member #1 mewp...@gmail.com
One fundamental question: will it work?

As far as I know, if you use Google Apps, you have to answer to `/openid` in your domain, which LightOpenID obviously can't do automatically.

Also, it seems that the url is always "https://www.google.com/accounts/o8/site-xrds?hd=$domain", so there's little point in doing additional discovery. Even if we'd assume that this url may change in the future, there's a more probable scenario: that there will be more than one Link in the host-meta file, possibly pointing to another service (since your code doesn't check that it points to an xrds file).

And the last thing -- it's not standardized yet, and I'd rather not implement things that aren't part of the standard.

So in summary, do you really think that it's useful enough to integrate it?
Consider the fact that it would be a provider-specific extension, and that it would (in my opinion, unnecessarily) introduce additional complexity in usage (users would have to know of this function, while now they just set a correct identity).
Jun 6, 2011
#3 idles...@gmail.com
It works as far as I can see (tested that today), given that in the discovery method I use discover_google_apps() as a last resort before throwing an exception (thus making multiple hand calls to discover_google_apps() unnecessary).

We do not have to answer at '/openid'; instead we just fetch data from the host-meta file, and it seems that Google's php-openid discovery plugin (https://code.google.com/p/php-openid-apps-discovery/) uses something similar. As I understood Google's, there shouldn't be any other link in that file.

But I agree that it is a step to be more vendor-specific than now, and yes Google's always been a butthurt %)
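
The concern raised in comment #1 (a host-meta file with more than one Link, or a Link that does not point to an XRDS document) can be handled by filtering links before following any of them. The sketch below is an added example, not code from loid.patch or LightOpenID; it assumes host-meta is plain text with HTTP-style `Link: <URL>; rel=...; type=...` lines, and the function name `select_xrds_links` and the sample data are hypothetical.

```php
<?php
// Added example, not LightOpenID code. Assumption: host-meta is plain text
// with HTTP-style lines such as: Link: <URL>; rel="..."; type="..."

/**
 * Return the XRDS URLs advertised in a host-meta body, keeping only links
 * that declare the XRDS media type and point at an allowed HTTPS host.
 */
function select_xrds_links(string $hostMeta, array $allowedHosts): array
{
    $accepted = [];
    foreach (preg_split('/\r\n|\r|\n/', $hostMeta) as $line) {
        // Capture the <URL> and the parameter tail of each Link line.
        if (!preg_match('/^\s*Link:\s*<([^>]+)>(.*)$/i', $line, $m)) {
            continue;
        }
        $url = $m[1];
        $params = $m[2];

        // Reject links that do not claim to be an XRDS document.
        if (!preg_match('/;\s*type\s*=\s*"?application\/xrds\+xml"?\s*(;|$)/i', $params)) {
            continue;
        }
        // Reject anything that is not HTTPS on a host we expect to serve XRDS.
        $parts = parse_url($url);
        if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
            continue;
        }
        if (strtolower($parts['scheme']) !== 'https') {
            continue;
        }
        if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
            continue;
        }
        $accepted[] = $url;
    }
    return $accepted;
}

// Constructed sample host-meta body (not captured from a real domain).
$sample = <<<'TXT'
Link: <https://www.google.com/accounts/o8/site-xrds?hd=example.com>; rel="describedby"; type="application/xrds+xml"
Link: <https://other.example.net/service>; rel="describedby"; type="text/html"
Link: <http://www.google.com/accounts/o8/site-xrds?hd=example.com>; type="application/xrds+xml"
TXT;

$links = select_xrds_links($sample, ['www.google.com']);
// Zero or several accepted links are both treated as a discovery failure.
if (count($links) !== 1) {
    throw new RuntimeException('ambiguous or missing XRDS link');
}
echo $links[0], PHP_EOL;
```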