Unorganized Notes
Why is RPXNow saying it’s OpenID? It’s using OpenID in a few places, but Flickr, Facebook, and Twitter, to name a few, don’t have OpenID! It’s a lie.
http://svn.eastmedia.com/svn/bantay/plugins/trunk/restful_open_id_authentication/lib/controller_methods.rb
http://github.com/matthooks/authlogic-activation-tutorial
- Confirmation and Activation
We’re not guaranteed an email when using OpenID or OAuth, so we have the option of prompting the user to enter their email address after they have gone through the authentication process. This will set the user to “confirmed”. Or is that “active”?
Notes:
- RPXNow forces you to enter in an email address, so we’re guaranteed an email.
Todo:
- Autoregister
- Popups according to the OpenID UX Best Practices for OPs.
- Confirm email and others if desired.
- Normalized Profiles
- Handle if they press “cancel” or “deny” on the OpenID provider
- Consider putting temporary session variables into Flash
- If you have something typed into the OpenID field and you click an OAuth provider, it should use the OAuth provider.
- For some reason `auth_controller.request.method` is returning “POST” instead of “PUT” for “update” in Rails 3.
Login should be the easiest part of building a web application, and it should be free. Right now it’s the opposite: login is one of the hardest parts of building a site, and if you want to use a fully featured service like RPXNow, you have to pay (I want to be able to customize the interface, so I can’t use the free version). This should be able to do everything RPXNow can do and a) more, and b) easier.
1. Confirmation. Like StackOverflow.
2. In order to get their email (if the service doesn’t provide it or they are logging in fresh from a different device and want to associate their account), they should type in their email and we should send a confirmation. In the background we can tie the accounts together. Like RPXNow.
3. Normalized Profile data (open-profile gem). Reads h-cards from relevant sites, or uses API when necessary.
4. vCard of Profile data in demo app.
https://rpxnow.com/features
- http://oauth.net/core/1.0a/#signing_process
- OpenID, Simple Registration, and Attribute Exchange (AX)
You can get these 8 parameters from most OpenID providers:
nickname, email, fullname, dob, gender, postcode, country, language, timezone
http://github.com/dbloete/masquerade/blob/master/app/controllers/consumer_controller.rb
http://www.axschema.org/types/
http://stackoverflow.com/questions/11903/openid-attribute-exchange-should-i-use-it
http://blogs.gnome.org/jamesh/2007/11/26/openid-ax/
RPXNow has name, email address, gender, birthday, timezone, website, phone number, and profile picture
https://rpxnow.com/docs
http://factoryjoe.com/blog/2007/11/01/hcard-for-openid-simple-registration-and-attribute-exchange/
http://microformats.org/wiki/hcard-supporting-user-profiles
Use http://github.com/mwunsch/prism to parse hCard for supporting sites.
identifier, guaranteed
providerName, guaranteed
primaryKey
displayName
preferredUsername
name
gender
birthday
utcOffset
email
verifiedEmail
url
phoneNumber
photo
address
limitedData
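
An added sketch (not code from this project or from RPXNow) of how the Simple Registration fields above could be folded into the normalized profile keys listed here, with the provider-asserted `email` kept separate from `verifiedEmail` until the user redeems an emailed confirmation token. The field mapping, helper names, token length and one-hour expiry are assumptions.

```ruby
require "securerandom"
require "digest"

# Assumed mapping from SReg field names to the normalized profile keys
# listed on this page (the mapping itself is not from the page).
SREG_TO_PROFILE = {
  "nickname" => "preferredUsername",
  "fullname" => "displayName",
  "email"    => "email",
  "dob"      => "birthday",
  "gender"   => "gender"
}.freeze

# Hypothetical helper: build a normalized profile from an SReg response.
# The provider's email claim is copied to "email" only; "verifiedEmail"
# stays nil until the user proves control of the address.
def normalize_profile(identifier, provider_name, sreg)
  profile = { "identifier" => identifier, "providerName" => provider_name,
              "verifiedEmail" => nil }
  SREG_TO_PROFILE.each do |sreg_key, profile_key|
    value = sreg[sreg_key].to_s.strip
    profile[profile_key] = value unless value.empty?
  end
  profile
end

# The raw token goes into the confirmation email; only its SHA-256 digest
# and an expiry time are stored server-side.
def issue_confirmation(profile, now: Time.now, ttl: 3600)
  token = SecureRandom.urlsafe_base64(32)
  pending = { "email" => profile["email"],
              "digest" => Digest::SHA256.hexdigest(token),
              "expires_at" => now + ttl }
  [token, pending]
end

# Constant-time comparison of two equal-length strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Sets verifiedEmail only when the token matches and has not expired.
def confirm_email!(profile, pending, token, now: Time.now)
  return false if now > pending["expires_at"]
  return false unless secure_equal?(pending["digest"], Digest::SHA256.hexdigest(token.to_s))
  profile["verifiedEmail"] = pending["email"]
  true
end
```

Accounts should only be tied together on `verifiedEmail`, never on the unconfirmed `email` value a provider or user supplied.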
http://blog.janrain.com/2010/04/data-reveals-trends-among-social-media.html
[OpenID UI Extension](http://svn.openid.net/repos/specifications/user_interface/1.0/trunk/openid-user-interface-extension-1_0.html)
[OpenID UX Best Practices for OPs (OpenID Provider)](http://wiki.openid.net/Details-of-UX-Best-Practices-for-OPs)
[OpenID UX Best Practices for RPs (Relying Party)](http://wiki.openid.net/Details-of-UX-Best-Practices-for-RPs)
[OpenID RP PDF](http://wiki.openid.net/f/OpenID+RP+06162009.pdf)