Coffeehouse Thread

13 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

OpenID in LiveID

Back to Forum: Coffeehouse
  • User profile image
    staceyw

    LiveID is opening to OpenID:
    http://self-issued.info/?p=89

    Pretty cool.  Now will there be some simple client api/rest api to validate a user credentials?  Will such be included in Azur?
    i.e.

    bool result = LiveID.Authorize("liveid", "password");
    result = LiveID.Authorize("openidurl", "password");

  • User profile image
    Larsenal

    I agree that it's pretty cool.  Hopefully they'll give us some nice libraries to work in the OpenID world.

  • User profile image
    blowdart

    It's not cool at all. Not really.

    But I ranted about this already on my blog.

  • User profile image
    blowdart

    That's not how OpenID, or even Live works.

    You don't take the usernames and passwords, you push to their login screens, which in turn post back to you. So there is no authenticate method as you see it.

  • User profile image
    jjesse

    blowdart said:
    That's not how OpenID, or even Live works.

    You don't take the usernames and passwords, you push to their login screens, which in turn post back to you. So there is no authenticate method as you see it.
    I agree with Blowdart.  The problem is we don't need more openid providers, we need more openid consumers.  Channel9, MSDN forums, hotmail, Facebook, and Google should all consume open ids.
    The problem is that then we store some of our profile informaiton elsewhere and they would lose out on that.

    www.identi.ca the open source twitter clone is a consumer of openid, so I use my open id from Ubuntu (launchpad.net is a provider and their wiki's are conumser's) to authenticate against identi.ca and all of the Ubuntu sites.

    Now if i could just standarize against one open id provider (whether Yahoo, MS, or someone else) and sign in across the board then I would be excited.

    Jonathan

  • User profile image
    Larsenal

    jjesse said:
    blowdart said:
    *snip*
    I agree with Blowdart.  The problem is we don't need more openid providers, we need more openid consumers.  Channel9, MSDN forums, hotmail, Facebook, and Google should all consume open ids.
    The problem is that then we store some of our profile informaiton elsewhere and they would lose out on that.

    www.identi.ca the open source twitter clone is a consumer of openid, so I use my open id from Ubuntu (launchpad.net is a provider and their wiki's are conumser's) to authenticate against identi.ca and all of the Ubuntu sites.

    Now if i could just standarize against one open id provider (whether Yahoo, MS, or someone else) and sign in across the board then I would be excited.

    Jonathan
    "I agree with Blowdart.  The problem is we don't need more openid providers, we need more openid consumers. "

    True.  But more providers will hopefully push the adoption those considering whether or not to make their apps consumers.

  • User profile image
    SlackmasterK

    Crud... I just integrated LiveID into my blogging engine - will I have to redo it?

  • User profile image
    staceyw

    blowdart said:
    That's not how OpenID, or even Live works.

    You don't take the usernames and passwords, you push to their login screens, which in turn post back to you. So there is no authenticate method as you see it.
    "You don't take the usernames and passwords, you push to their login screens, which in turn post back to you. So there is no authenticate method as you see it."

    That is why I want an api.  The current method if your app wants to support liveid, openid, and/or infocard is too complex with too many moving parts and one off libraries (i.e. openid library, liveid, infocard, etc).  From a smart client or "off-browser" sl client, you really want a method call, not a redirect to web page and a post back.  Personally, I think they need to figure out a secure way to auth via a Rest api and in Client Application Services so we only need one api and can auth to an asp membership service with any supported id type. 

  • User profile image
    staceyw

    jjesse said:
    blowdart said:
    *snip*
    I agree with Blowdart.  The problem is we don't need more openid providers, we need more openid consumers.  Channel9, MSDN forums, hotmail, Facebook, and Google should all consume open ids.
    The problem is that then we store some of our profile informaiton elsewhere and they would lose out on that.

    www.identi.ca the open source twitter clone is a consumer of openid, so I use my open id from Ubuntu (launchpad.net is a provider and their wiki's are conumser's) to authenticate against identi.ca and all of the Ubuntu sites.

    Now if i could just standarize against one open id provider (whether Yahoo, MS, or someone else) and sign in across the board then I would be excited.

    Jonathan

    www.identi.ca the open source twitter clone is a consumer of openid, so I use my open id from Ubuntu (launchpad.net is a provider and their wiki's are conumser's) to authenticate against identi.ca and all of the Ubuntu sites.

    Isn't this the point however?  If you can login to any MS site using your openid, they become an openid consumer just like identi.ca.

  • User profile image
    Cannot​Resolve​Symbol

    staceyw said:
    jjesse said:
    *snip*

    www.identi.ca the open source twitter clone is a consumer of openid, so I use my open id from Ubuntu (launchpad.net is a provider and their wiki's are conumser's) to authenticate against identi.ca and all of the Ubuntu sites.

    Isn't this the point however?  If you can login to any MS site using your openid, they become an openid consumer just like identi.ca.

    Live.com is going to be an OpenID provider, not a consumer.  You can't use your openid from another site to log into any MS site; rather, you can use your LiveID to log in to any OpenID site.

  • User profile image
    Duncanma

    jjesse said:
    blowdart said:
    *snip*
    I agree with Blowdart.  The problem is we don't need more openid providers, we need more openid consumers.  Channel9, MSDN forums, hotmail, Facebook, and Google should all consume open ids.
    The problem is that then we store some of our profile informaiton elsewhere and they would lose out on that.

    www.identi.ca the open source twitter clone is a consumer of openid, so I use my open id from Ubuntu (launchpad.net is a provider and their wiki's are conumser's) to authenticate against identi.ca and all of the Ubuntu sites.

    Now if i could just standarize against one open id provider (whether Yahoo, MS, or someone else) and sign in across the board then I would be excited.

    Jonathan
    I would love to add Open ID support to Channel 9 ... much more so than I'd like to support Info Cards, but I've already walked through my feelings about that with Blowdart before... last time I asked the official folks around here I was told "sure, go for it... Open ID 2.0 only though" and then I went away and, at the time, found out that Open ID 2.0 was only a gleam in someone's eye... that kind of killed my plans for the time. Now, if I could come up with a non-ugly way to give users a choice between Live ID, Open ID, Info Card and 'old school' userid/password ... and figure out how to still do automatic silent auth to the right provider when you hit us with a valid but expired ticket (you might have noticed that happens with Live ID ... sometimes you hit C9, get redirected to Live and then back to C9 without ever seeing any Live ID UI, it is just refreshing your authentication ticket...

    My initial thought? Have the sign in link on the upper left go to an intermediate page like this:



    at least the first time, and then hopefully we could use a good old fashioned cookie to remember that (at least on this machine) you use Live ID or Open ID or whatever and then send you to the right place directly when you click on the Sign-in link (maybe we could add a 'remember my choice' checkbox to that intermediate auth page)

    Anyone have a good multiple authentication method UI to show me?

    What I'd really love is if some of the Info Card pushing folks in my office would just open up VS and add that feature to our site, instead of sending me links to MSDN when I ask questions about how to implement it Smiley

  • User profile image
    jjesse

    Duncanma said:
    jjesse said:
    *snip*
    I would love to add Open ID support to Channel 9 ... much more so than I'd like to support Info Cards, but I've already walked through my feelings about that with Blowdart before... last time I asked the official folks around here I was told "sure, go for it... Open ID 2.0 only though" and then I went away and, at the time, found out that Open ID 2.0 was only a gleam in someone's eye... that kind of killed my plans for the time. Now, if I could come up with a non-ugly way to give users a choice between Live ID, Open ID, Info Card and 'old school' userid/password ... and figure out how to still do automatic silent auth to the right provider when you hit us with a valid but expired ticket (you might have noticed that happens with Live ID ... sometimes you hit C9, get redirected to Live and then back to C9 without ever seeing any Live ID UI, it is just refreshing your authentication ticket...

    My initial thought? Have the sign in link on the upper left go to an intermediate page like this:



    at least the first time, and then hopefully we could use a good old fashioned cookie to remember that (at least on this machine) you use Live ID or Open ID or whatever and then send you to the right place directly when you click on the Sign-in link (maybe we could add a 'remember my choice' checkbox to that intermediate auth page)

    Anyone have a good multiple authentication method UI to show me?

    What I'd really love is if some of the Info Card pushing folks in my office would just open up VS and add that feature to our site, instead of sending me links to MSDN when I ask questions about how to implement it Smiley

    As far as I know, and I'm not a developer at all, the sites I've mentioned set a cookie for you so all you do is use your Open ID once and then don't worry about it.
    One problem is that on some sites when viewed through a mobile device don't work very well with the open id account

    JOnahtan

  • User profile image
    blowdart

    Duncanma said:
    jjesse said:
    *snip*
    I would love to add Open ID support to Channel 9 ... much more so than I'd like to support Info Cards, but I've already walked through my feelings about that with Blowdart before... last time I asked the official folks around here I was told "sure, go for it... Open ID 2.0 only though" and then I went away and, at the time, found out that Open ID 2.0 was only a gleam in someone's eye... that kind of killed my plans for the time. Now, if I could come up with a non-ugly way to give users a choice between Live ID, Open ID, Info Card and 'old school' userid/password ... and figure out how to still do automatic silent auth to the right provider when you hit us with a valid but expired ticket (you might have noticed that happens with Live ID ... sometimes you hit C9, get redirected to Live and then back to C9 without ever seeing any Live ID UI, it is just refreshing your authentication ticket...

    My initial thought? Have the sign in link on the upper left go to an intermediate page like this:



    at least the first time, and then hopefully we could use a good old fashioned cookie to remember that (at least on this machine) you use Live ID or Open ID or whatever and then send you to the right place directly when you click on the Sign-in link (maybe we could add a 'remember my choice' checkbox to that intermediate auth page)

    Anyone have a good multiple authentication method UI to show me?

    What I'd really love is if some of the Info Card pushing folks in my office would just open up VS and add that feature to our site, instead of sending me links to MSDN when I ask questions about how to implement it Smiley

    Hey I *offered*

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.