[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3

Xavier Perseguers typo3 at perseguers.ch
Wed Oct 29 09:15:52 CET 2008 

Hi Dmitry,

> I'd like to comment on one issue to prevent harm.
> 
> Oliver Hader wrote:
>> * Why is the final FE user authentication implemented to use AJAX and is
>> there a complement in the back-end?
> 
> There is no AJAX there. Here is what Wikipedia says about AJAX:
> "With Ajax, web applications can retrieve data from the server
> asynchronously in the background without interfering with the
> display and behavior of the existing page". Nothing like that
> happens in OpenID extension.
> 
> I think the confusion happens because OpenID extension uses eID
> TYPO3 feature to receive response from the OpenID provider. eID is
> not related to AJAX. It is often used for AJAX calls but it has no
> direct relation to AJAX at all. It can be used for any purpose if
> full initialization of TYPO3 Frontend is not necessary.

Good point to explain that to everybody. I must admit I did not 
understand why Oliver wrote that he saw AJAX in OpenID but with your 
explanation I see where it (seems to) come from.

> The reason for using eID in the OpenID is quite simple. TYPO3
> requires certain parameters for user authentication and extra
> parameters for the OpenID authentication. These parameters are
> firsts passed to the OpenID provider, who sends them back to the
> requesting server after authentication. If all this
> <strike>shit</strike> stuff in the URL is sent to the real page, it
> will look very ugly and puzzling to the user. Using eID hides these
> details, gives more comfort to the user and provide a clean page URL
> after user is authenticated.

BTW, yesterday, after updating SVN on a test environment (another one 
than the one I used for providing feedback to this extension), I got an 
error after the authentication, on the way back to the eID call: Request 
URI is too long (Error 414), which I did never encountered yet. After a 
bit investigation, the problem relies in the load balancer I use (Pound, 
http://www.apsis.ch/pound/). I guess I'll have to compile it myself to 
allow OpenID to run smoothly on this server ;-)

-- 
Xavier Perseguers
http://xavier.perseguers.ch/en/tutorials/typo3.html

More information about the TYPO3-team-core mailing list