Has anyone tried using OpenID? I set up my iPhone app to use that and it's wonderful. I'm using Ruby on Rails, and I have a bug where it doesn't work in production mode, but it works perfectly and fast in development mode. The person creates an OpenID account at, say, myopenid.com. They then enter their URL from their OpenID account into the OpenID Identity field in my app. The app invisibly goes out and asks the OpenID server if this person's OpenID account authorizes logging into my app. If so, the app simply logs them in. I show a notice "Successfully logged in via OpenID" at the top.
If the person has never been to my site, the app contacts the OpenID server and gets a reply that nothing has been authorized, so my app takes the person to their OpenID homepage where they can say "yes forever", "yes one time" or "no". If either yes was pressed, then they are taken back to my app where the app creates a user account for them automatically and logs them in.

There is an option for OpenID where the user can enter meta tags in a webpage on their own domain that redirects the OpenID authentication back to their original OpenID account. I.e., when logging in, I just type guruhead.com (the shortest domain I own) and after about 2 seconds I am logged in.

The OpenID account needs to be logged into for all of this automation to work. As soon as I log out of my OpenID page, I can no longer automatically log in anywhere. That's the security part. I log in once in the morning from my iPhone, then throughout the day, any site I go to that uses OpenID only requires me to type in my short domain, not a username - change field - password.

Aside from trying to suss out the production bug, I am working on grabbing the person's profile (first/last name, email, location) from their OpenID account for populating their new account created on the fly in my app.

I believe AOL supports OpenID, but I could be wrong on that.

-=Randy

On 7/20/07 8:32 AM, "Chuckles Nabaztag" <[EMAIL PROTECTED]> wrote:

> My understanding of it is that you *have* to go/send the user to AOL;
> hence the trusted nature.
>
> It's sort of like a Paypal transaction in this sense,
> but a website or Web App using OpenAuth doesn't have to tell
> "convince" a user that they aren't harvesting their username and
> password :)
>
> On Jul 20, 2007, at 11:23 AM, Christopher Allen wrote:
>
>> On 7/20/07, Chuckles Nabaztag <[EMAIL PROTECTED]> wrote:
>>> AOL's solution to this is OpenAuth: http://dev.aol.com/openauth
>>
>> Does anyone know if OpenAuth can be done on the client entirely in
>> javascript?
>>
>> -- Christopher Allen
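The flow described in this message (delegation tags on the user's own page, a silent check, then a fall-back to the provider's approval page), as an added Ruby example that is not part of the original thread or anyone's app. It assumes OpenID 1.1 parameter names; the URLs, function names and the https-only policy are this example's assumptions.

```ruby
require "uri"

# Constructed sample: a page a user hosts on their own short domain to
# delegate to an account at an OpenID provider (OpenID 1.1 <link> tags).
SAMPLE_HTML = <<~HTML
  <html><head>
    <link rel="openid.server" href="https://openid-provider.example/server">
    <link href="https://alice.openid-provider.example/" rel="openid.delegate">
  </head><body>hello</body></html>
HTML

# Read openid.server / openid.delegate from <link> tags, in either attribute order.
def discover(html)
  found = {}
  html.scan(/<link\b[^>]*>/i) do |tag|
    rel  = tag[/\brel\s*=\s*["']([^"']+)["']/i, 1]
    href = tag[/\bhref\s*=\s*["']([^"']+)["']/i, 1]
    rel.to_s.downcase.split.each { |r| found[r] = href } if href
  end
  server = found.fetch("openid.server") { raise ArgumentError, "no openid.server link" }
  # Example policy (assumption): refuse to send users to a non-TLS endpoint.
  raise ArgumentError, "provider endpoint must be https" unless URI.parse(server).is_a?(URI::HTTPS)
  { server: server, delegate: found["openid.delegate"] }
end

# Build the redirect for the silent check; pass mode: "checkid_setup" for the interactive one.
def checkid_url(claimed_id, disc, return_to:, trust_root:, mode: "checkid_immediate")
  params = {
    "openid.mode"       => mode,
    "openid.identity"   => disc[:delegate] || claimed_id,
    "openid.return_to"  => return_to,
    "openid.trust_root" => trust_root
  }
  sep = disc[:server].include?("?") ? "&" : "?"
  disc[:server] + sep + URI.encode_www_form(params)
end

# Decide what to do with the query parameters that arrive on return_to.
def next_step(params)
  return [:denied, nil] if params["openid.mode"] == "cancel"
  return [:error, nil] unless params["openid.mode"] == "id_res"
  if params["openid.user_setup_url"]       # nothing authorized yet
    [:needs_setup, params["openid.user_setup_url"]]
  elsif params["openid.sig"] && params["openid.signed"]
    [:verify_signature, nil]                # not logged in until the signature checks out
  else
    [:error, nil]
  end
end
```

A `:verify_signature` result is not a login: the app still has to check the signature and that `openid.return_to` matches what it sent before creating or signing in the account.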
