> http://www.windley.com/archives/2006/04/how_does_openid.shtml > http://en.wikipedia.org/wiki/OpenID > > Basically you post the login credentials to your second app through URL > +POST parameters, your second app authenticates and sends back the > data needed to identify the user, first app uses this to create the > session. This is extremely simplified and you'll need to worry about > security, establishing trust between the apps etc. > > Another way to go about it is to use ActiveResource, which basically > establishes interapp communication on a server level. > > It all depends on your needs basically. Don't try to overcomplicate > matters too much by trying to decentralize too much (decentralization > has its uses and advantages, but it also brings a whole slew of extra > work).
Mmm.. but in this case you're considering that there are two separated applications, but actually there is only one application which manage both the main and the external apps/domains. The signin/signup page will be on the main address (in order to have a correct ssl from the main domain), but then the user will be redirected back to the external domain. This shouldn't be a big problem, my worry is about the session cookie, having it set on the main domain it would refer to it, and it actually won't be in the external one. Otherwise to solve it the signup/signin page could be on the external domain too, but without a ssl page it wouldn't be so cool (actually it would be better on everypage, but i'm worried that it would overcomplicate a lot all the system) -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
