I'm trying to implement a relying party (the web site I'm working on) using DotNetOpenAuth on ASP.NET MVC. I'm using the current version 3.3.1.

Using the included MVC sample, I can see that the OpenIdRelyingParty class can automatically recognize and redirect to some open ID providers such as myopenid.com and Yahoo based on the ID specified by the user.

How do I get OpenIdRelyingParty to do the same for Windows Live/Hotmail and Google Open IDs?

UPDATE

My problem could be that I'm not clear on what an Open ID is. Here is what I'm doing; maybe someone could explain why my expectation is wrong:

  • When I enter a Yahoo email address as the Open ID, it redirects to the Yahoo login page. Cool.

  • When I enter my unique myopenid.com name, it redirects to myopenid.com login page. Cool.

  • But when I do the same for a Windows Live email address, Hotmail address or Gmail address, I get an error "No Open ID endpoint found".

If the Open ID must be a URL, then why does using a Yahoo email address work? I thought this was because the OpenIdRelyingParty class had some intelligence to map common email addresses to provider URLs... am I missing something here?

+1  A: 

The URL that your users enter in the OpenID field is enough for redirection (for example http://blowdart.openid.example), assuming the OpenID provider is a complete OpenID provider. You shouldn't need to do anything special.

blowdart
I've added an Update to my question... it could be that I'm just not clear on Open ID. This is really my first attempt with it.
DSO
+2  A: 

It works "automatically" for myopenid.com and many others because those are actual OpenID providers.

Email addresses are not OpenID identifiers, but because of the OpenID identifier parsing rules, email addresses happen to work if the domain part of the email address is an "OP identifier". "yahoo.com" itself is an OpenID identifier, so any email address ending with @yahoo.com works as well, which is what you're seeing.

The reason Gmail and Live ID emails and URLs don't work is because Live ID is not an OpenID provider (yet). And Gmail's OP Identifier isn't merely 'gmail.com' unfortunately. Rather, it's https://www.google.com/accounts/o8/id Seriously. It's a long URL. But if you type that in (or just tinyurl.com/googop) you'll get to log in using your Gmail (or any Google) account.

Andrew Arnott
Thanks, that explains it. However Windows Live does implement Open ID. I know because I have been experimenting with RPX service (http://rpxnow.com) and they do support Windows Live as an Open ID provider. I created a Live Services AD Federation account (http://live.azure.com) and provided the AppID and Secret Key to my RPX account, and it all works going through RPX. I guess if I'm using DotNetOpenAuth, I just need to figure out what the Live Open ID URL is, and how to pass the secret key (I'll have to post a separate question for that).
DSO
Live ID *does not* implement OpenID. RPX offers a Windows Live ID login button, true, but it doesn't use OpenID underneath. In fact RPX offers several buttons (Facebook Connect, Live ID, Twitter) that are not OpenID buttons. RPX wraps them all up so they look like they're the same technology, but they're not. Microsoft rolled out a preview of an OpenID Provider last year, but they've since closed it down and haven't published any new offering of it yet. If you need any more convincing, I'm a Microsoft employee if that bears any weight here. :)
Andrew Arnott
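
The identifier parsing rule mentioned in the second answer, as an added example (not part of the original thread and not DotNetOpenAuth's code): a Python sketch of the OpenID Authentication 2.0 normalization steps (section 7.2) showing why an email address ends up parsed as a URL whose host is the mail domain. The function names and the sample addresses are constructed for illustration, and no network discovery is performed.

```python
from urllib.parse import urlsplit, urlunsplit

# XRI global context symbols plus "(" (OpenID 2.0, section 7.2).
XRI_PREFIXES = ("=", "@", "+", "$", "!", "(")


def normalize_identifier(user_input):
    """Return (kind, identifier) following the OpenID 2.0 normalization steps."""
    s = user_input.strip()
    if s.lower().startswith("xri://"):
        s = s[len("xri://"):]
    if s.startswith(XRI_PREFIXES):
        return "xri", s
    # Anything else is treated as a URL; a missing scheme defaults to http.
    if not s.lower().startswith(("http://", "https://")):
        s = "http://" + s
    parts = urlsplit(s)
    # Drop the fragment and give an empty path its "/" (RFC 3986 normalization).
    return "url", urlunsplit(
        (parts.scheme.lower(), parts.netloc, parts.path or "/", parts.query, "")
    )


def describe(user_input):
    """Show which host discovery would contact and what was only URL userinfo."""
    kind, identifier = normalize_identifier(user_input)
    if kind != "url":
        return {"kind": kind, "identifier": identifier, "host": None, "userinfo": None}
    parts = urlsplit(identifier)
    return {"kind": kind, "identifier": identifier,
            "host": parts.hostname, "userinfo": parts.username}


if __name__ == "__main__":
    # Constructed sample inputs; the Google URL is the one quoted in the answer.
    samples = [
        "alice@yahoo.com",
        "bob@gmail.com",
        "https://www.google.com/accounts/o8/id",
        "=example.name",
    ]
    for sample in samples:
        print(sample, "->", describe(sample))
```

The local part of the email becomes URL userinfo and plays no part in choosing the host, so a relying party should key the account on the claimed identifier the provider asserts, not on the text the user typed.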