OpenID Extensions

Many OpenID providers support extensions beyond the basic pass/fail state delivered through the standard OpenID implementation. These extensions allow an OpenID consumer to obtain some general information about the user authenticating through the service from her profile or to add levels of security to the authentication process.

Warning

Before using an OpenID extension, you should ensure that your chosen provider supports both the extension and the full functionality that you are trying to implement. Even though many providers support the same extensions, some support different subsets of data within those extensions, meaning that you may not get all of the results you're expecting.

Besides the OAuth hybrid extension (which we will explore in much greater detail in the next chapter), the main OpenID extensions, and those that we will examine in this chapter, are:

Simple Registration (SREG)

Allows the relying party to capture very basic personal information about a user, where available through her profile or the OpenID provider itself

Attribute Exchange (AX)

Enables the relying party to capture more extensive personal information about a user, including the information delivered through Simple Registration

Provider Authentication Policy Extension (PAPE)

Allows the relying party and provider to apply certain previously agreed-upon policies to the OpenID authentication process
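As the warning above notes, a provider may return only a subset of the data you ask for. The following check is an added example, not code from the book: it takes the parameters of a positive assertion and separates the SREG fields covered by `openid.signed` from those that are unsigned or missing. The function names and sample values are assumptions made for illustration, and the assertion signature itself is assumed to have been verified already by your OpenID library.

```python
SREG_NS = "http://openid.net/extensions/sreg/1.1"

def sreg_alias(params):
    """Return the namespace alias the provider used for SREG (default 'sreg')."""
    for key, value in params.items():
        if key.startswith("openid.ns.") and value == SREG_NS:
            return key[len("openid.ns."):]
    return "sreg"

def check_sreg_response(params, required, optional=()):
    """Sort SREG fields into trusted, unsigned and missing (signature already verified)."""
    alias = sreg_alias(params)
    prefix = "openid.%s." % alias
    # openid.signed lists the covered keys without the "openid." prefix.
    signed = set(params.get("openid.signed", "").split(","))
    trusted, unsigned = {}, []
    for key, value in params.items():
        if not key.startswith(prefix):
            continue
        field = key[len(prefix):]
        if "%s.%s" % (alias, field) in signed:
            trusted[field] = value      # covered by the provider's signature
        else:
            unsigned.append(field)      # could have been added in transit: ignore
    return {
        "trusted": trusted,
        "unsigned": sorted(unsigned),
        "missing_required": [f for f in required if f not in trusted],
        "missing_optional": [f for f in optional if f not in trusted],
    }

# Constructed sample response: the provider omitted "dob" and did not sign "country".
SAMPLE = {
    "openid.mode": "id_res",
    "openid.ns.sreg": SREG_NS,
    "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,"
                     "assoc_handle,ns.sreg,sreg.nickname,sreg.email",
    "openid.sreg.nickname": "jdoe",
    "openid.sreg.email": "jdoe@example.com",
    "openid.sreg.country": "US",
}

RESULT = check_sreg_response(SAMPLE, required=["nickname", "email", "dob"],
                             optional=["country"])
```

A relying party would typically fall back to asking the user directly for anything listed under `missing_required`.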

Now that we have seen a brief overview of what each extension offers, let’s drill down into them to learn ...
