Get OpenId User Information (Claims) Between Vendors

I use DotNetOpenAuth to log in as part of my login process. It works great for authentication processing, but the process of extracting user information from various OpenID providers does not work very well.

Using MyOpenId, I get the full information that I request using RequestsRequest with DotNetOpenAuth. Apparently, it uses the SREG protocol to request and receive this content. This works fine with MyOpenId, but does nothing for Google or Yahoo and other providers that do not support this protocol (yet?).

Is there a way to get cross-provider user information using DotNetOpenAuth (or some mechanism other than RPX; I am not looking for another person in the middle :-})?

+4
3 answers

I recommend that you look at the actual exchanges that are taking place. That is, when your service redirects the user to the provider, find out what parameters are sent, and then, when the user returns, also find out which parameters are transferred.

In OpenID 2, there are two ways to request user information: Attribute Exchange (AX) and Simple Registration (SREG). Not sure what SIG is. Whether the providers implement these protocols, and what information they provide, is their choice (first, and then, I hope, the choice of the user).

I found that Google supports AX and always provides an email address, and sometimes a username and last name. In my experience, Yahoo provides nothing but the declared identifier. As a result, I do not accept Yahoo as a provider, see http://pypi.python.org/pypi?:action=openid

+2

For clarification, I am sending this link as an answer:

http://www.dotnetopenauth.net/developers/code-snippets/the-axfetchassregtransform-behavior/

This link contains the configuration file settings for the AXFetchAsSregTransform behavior in a small configuration example (as mentioned by Andrew), which allows you to use ClaimsRequest() to get SREG and AX information.

This allows you to retrieve some (but not all) of the request information. For Google, it works with email search at a minimum.

To make a request:

    var req = openid.CreateRequest(Request.Form["openid_identifier"]);
    var fields = new ClaimsRequest();
    fields.Email = DemandLevel.Require;
    fields.FullName = DemandLevel.Require;
    req.AddExtension(fields);
    return req.RedirectingResponse.AsActionResult();

To get the response:

    var claim = response.GetExtension<ClaimsResponse>();
    string email = null, fullname = null, password = null;
    if (claim != null)
    {
        email = claim.Email;
        fullname = claim.FullName;
    }

Please note that Google only seems to take the email address and it needs DemandLevel.Require, otherwise nothing is returned.

+1
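
The exchange the first answer suggests inspecting, and the AX-to-SREG mapping the second answer relies on, as an added Python example that is not part of the original posts and is not DotNetOpenAuth code: it reads the `openid.*` parameters from a return URL, maps single-valued AX attributes to SREG field names, and keeps only values listed in `openid.signed`. The sample URLs and the `rp.example` host are constructed, and verification of the assertion signature itself is assumed to be done by the OpenID library.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

SREG_NS = "http://openid.net/extensions/sreg/1.1"
AX_NS = "http://openid.net/srv/ax/1.0"
# AX attribute type URI -> SREG-style field name
AX_TO_SREG = {"http://axschema.org/contact/email": "email",
              "http://axschema.org/namePerson": "fullname"}

def extract_claims(return_url):
    """Return {field: value} from AX and SREG, ignoring unsigned parameters."""
    qs = parse_qs(urlsplit(return_url).query, keep_blank_values=True)
    if any(len(v) != 1 for v in qs.values()):
        raise ValueError("duplicate parameter in response")
    params = {k[len("openid."):]: v[0] for k, v in qs.items()
              if k.startswith("openid.")}
    signed = set(params.get("signed", "").split(","))
    get = lambda key: params.get(key) if key in signed else None

    # Extension aliases are declared as openid.ns.<alias>=<namespace URI>.
    aliases = {v: k[3:] for k, v in params.items()
               if k.startswith("ns.") and k in signed}
    claims = {}
    ax = aliases.get(AX_NS)
    if ax and get(ax + ".mode") == "fetch_response":
        prefix = ax + ".type."
        for key, type_uri in params.items():
            field = AX_TO_SREG.get(type_uri)
            if field and key.startswith(prefix) and key in signed:
                value = get(ax + ".value." + key[len(prefix):])
                if value:
                    claims[field] = value
    # SREG 1.0 has no namespace declaration and always uses the "sreg" alias.
    sreg = aliases.get(SREG_NS, "sreg")
    for field in ("email", "fullname"):
        value = get(sreg + "." + field)
        if value:
            claims.setdefault(field, value)
    return claims

def _sample(params):  # builds constructed sample input, not captured traffic
    return "https://rp.example/return?" + urlencode(
        {"openid." + k: v for k, v in params.items()})

AX_SAMPLE = _sample({
    "mode": "id_res", "ns.ext1": AX_NS, "ext1.mode": "fetch_response",
    "ext1.type.email": "http://axschema.org/contact/email",
    "ext1.value.email": "alice@example.org",
    "signed": "mode,ns.ext1,ext1.mode,ext1.type.email,ext1.value.email"})
SREG_SAMPLE = _sample({  # fullname is present but not listed in "signed"
    "mode": "id_res", "sreg.email": "bob@example.org",
    "sreg.fullname": "Not Signed", "signed": "mode,sreg.email"})
```

Running `extract_claims` on both samples shows the AX response and the SREG response reduced to the same field names, with the unsigned `fullname` dropped.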

See my answer to a very similar question here:

Unable to get attributes from DotNetOpenId response

Addition: Here is a blog post that I wrote on this subject. Note that I wrote it before I wrote the AXFetchAsSregTransform behavior, so some things are easier than they are presented in the blog post. But, in particular, it mentions that Google ignores all attribute requests that are "optional." Therefore, you must make the email "required" in order to receive it.

http://blog.nerdbank.net/2009/03/how-to-pretty-much-guarantee-that-you.html

0