[TYPO3-core] State of TYPO3 OpenID

Dmitry Dulepov dmitry.dulepov at gmail.com
Tue Jul 9 17:11:50 CEST 2013


Christian Weiske wrote:
> The spec clearly defines the protocol flow as first sending the user to
> the discovered endpoint. Also, it is explicitely stated that the
> identifier given by the end user may be an endpoint URL, and not an
> OpenID itself.
> The current TYPO3 openid code expects it to be a OpenID URL. It
> verifies that a user with the OpenID URL exists in the database before
> even discovering the OpenID endpoint.

Not correct. The endpoint is handled by the library we use in the 
extension. It makes all necessary data exchanges, requests, etc. At least 
it was so when I initially wrote the extension.

Dmitry Dulepov

More information about the TYPO3-team-core mailing list