[jdev] XEP-0070 use case: OpenID
Norman Rasmussen
norman at rasmussen.co.za
Tue Dec 5 06:40:17 CST 2006
On 12/3/06, Norman Rasmussen <norman at rasmussen.co.za> wrote:
> For those interested, I've created an OpenID [1] provider [2] that
> uses XEP-0070 for authentication.
question: xep-0070 requires: The request MUST include a transaction
identifier for the request. This identifier MUST be unique within the
context of the HTTP Client's interaction with the HTTP Server. If the
HTTP request is generated by the XMPP Client (e.g., because the HTTP
URL was discovered via Out-of-Band Data [4]) then the transaction
identifier SHOULD be generated by the client; if not, the transaction
identifier SHOULD be provided by the human user who controls the HTTP
Client.
so the question is: where would I get this value? With OpenID there's
no 'password' field for the user to enter. I'm currently leaving
transaction id blank in the xml stanza, should I be generating a
random id? maybe passing in the user's OpenID url?
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the JDev
mailing list