
8. Requesting Authentication - The Open, Social Web Workshop

8. Requesting Authentication

When requesting OpenID Authentication via the protocol mode "checkid_setup" or "checkid_immediate", this extension can be used to
request that the end user authorize an OAuth access token at the same time as an OpenID authentication. This is done by sending the
following parameters as part of the OpenID request. (Note that the use of "oauth" as part of the parameter names here and in
subsequent sections is just an example. See Section 5 for details.)

openid.ns.oauth
REQUIRED. Value: "http://specs.openid.net/extensions/oauth/1.0".
openid.oauth.consumer
REQUIRED. Value: The consumer key agreed upon in Section 7.
openid.oauth.scope
OPTIONAL. Value: A string that encodes, in a way possibly specific to the Combined Provider, one or more scopes for the
OAuth token expected in the authentication response.

9. Authorizing the OAuth Request

If the OpenID OAuth Extension is present in the authentication request, the Combined Provider SHOULD verify that the consumer key
passed in the request is authorized to be used for the realm passed in the request. If this verification succeeds, the Combined Provider
SHOULD determine that delegation of access from a user to the Combined Consumer has been requested.

The Combined Provider SHOULD NOT issue an approved request token unless it has user consent to perform such delegation.

10. Responding to Authentication Requests

If the OpenID authentication request cannot be fulfilled (either in failure mode "setup_needed" or "cancel" as in Sections 10.2.1 and
10.2.2 of [OpenID]) then the OAuth request SHOULD be considered to fail and the Provider MUST NOT send any OpenID OAuth
Extension values in the response.

The remainder of this section specifies how to handle the OAuth request in cases when the OpenID authentication response is a positive
assertion (Section 10.1 of [OpenID]).

If the end user does wish to delegate access to the Combined Consumer, the Combined Provider MUST include and MUST sign the
following parameters.

openid.ns.oauth
REQUIRED. Identical value as defined in Section 8.
openid.oauth.request_token
REQUIRED. A user-approved request token.
openid.oauth.scope
OPTIONAL. A string that encodes, in a way possibly specific to the Combined Provider, one or more scopes that the returned
request token is valid for. This will typically indicate a subset of the scopes requested in Section 8.
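As an added illustration (not part of the extension text or any reference implementation), the following Python builds the Section 8 request on the Combined Consumer side and then applies the Section 10 rule when the response comes back: the OAuth fields are only trusted when the authentication is a positive assertion and the Provider has included them in openid.signed. The "oauth" alias, space-separated scope strings, and the rejection of scopes that were never requested are assumptions, and the OpenID signature itself is assumed to have been verified already by the consumer's OpenID library.

```python
from urllib.parse import urlencode

OPENID_NS = "http://specs.openid.net/auth/2.0"
OAUTH_NS = "http://specs.openid.net/extensions/oauth/1.0"
SELECT = "http://specs.openid.net/auth/2.0/identifier_select"

def build_auth_request(consumer_key, scopes, realm, return_to, mode="checkid_setup"):
    """Query string for a Section 8 request. The 'oauth' alias and the
    space-separated scope encoding are assumptions made for this example."""
    params = {
        "openid.ns": OPENID_NS, "openid.mode": mode,
        "openid.claimed_id": SELECT, "openid.identity": SELECT,
        "openid.realm": realm, "openid.return_to": return_to,
        "openid.ns.oauth": OAUTH_NS,            # REQUIRED
        "openid.oauth.consumer": consumer_key,  # REQUIRED: key agreed in Section 7
    }
    if scopes:
        params["openid.oauth.scope"] = " ".join(sorted(scopes))  # OPTIONAL
    return urlencode(params)

def extract_request_token(response, requested_scopes):
    """Section 10 check on the consumer side. `response` is the parsed OpenID
    response *after* openid.sig has been verified over openid.signed.
    Returns (request_token, scopes), or None when no delegation was granted."""
    if response.get("openid.mode") != "id_res":      # cancel / setup_needed: no OAuth values
        return None
    alias = next((k[len("openid.ns."):] for k, v in response.items()
                  if k.startswith("openid.ns.") and v == OAUTH_NS), None)
    if alias is None:                                # extension absent: delegation declined
        return None
    signed = set(response.get("openid.signed", "").split(","))
    ns_f, tok_f, scope_f = f"ns.{alias}", f"{alias}.request_token", f"{alias}.scope"
    # The Provider MUST sign these; an unsigned token could have been altered in transit.
    if ns_f not in signed or tok_f not in signed:
        return None
    token = response.get("openid." + tok_f)
    if not token:
        return None
    granted = set(requested_scopes)
    if "openid." + scope_f in response:
        if scope_f not in signed:
            return None
        granted = set(response["openid." + scope_f].split())
        # Conservative policy (assumption): a scope the consumer never asked for is an error.
        if not granted <= set(requested_scopes):
            return None
    return token, granted
```

A consumer that receives a token from `extract_request_token` still has to exchange it for an access token through the normal OAuth flow; this function only establishes that the Provider actually granted it.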

To note that the OAuth Authorization was declined or not valid, the Combined Provider SHALL only respond with the parameter