tags:

views:

55

answers:

1
+1  Q: 

Adobe AIR: problem with OpenID / rpxnow logins

Does Adobe Air work with OpenID/rpxnow?

I'm having a developer build me an AIR app to work with my website so I can have access to desktop photos.

However, my site uses OpenID logins via the rpxnow.com implementation. Works fine in the web version, but my developer has told me that he cannot do rpxnow/openid logins from the AIR app because it doesn't allow pop-ups and/or redirects.

Has anyone found a workaround?

m.

A: 

There are many implementations of OpenID for Adobe Flex. Just google Flex OpenID and you'll find lots of results.

http://anirudhs.chaosnet.org/blog/2009.02.17.html

OpenID is slightly more complicated in a desktop app than in a web app due to how OpenID works, but it's still doable. OpenID redirects from the signing-in site to the authenticating site and then back to the signing-in site. Since the desktop app is a desktop app and not a site, the authenticating site can't really redirect back to the app. But the app can provide a fake redirect url and then hook into the browser component events to listen for a redirect back to this fake url, and when it's detected finish the authentication.

Sam  2010-05-04 03:28:53
I'm very wary about any desktop app that claims to do OpenID. I betcha it's not secure and neither is the web site that allows access to its data in this way. OAuth is the way to go for this scenario.
Andrew Arnott  2010-05-04 19:09:49
@Andrew Arnott, I agree it's less secure but the website has no way to know if a custom desktop app is behind the http request vs a standard browser (or even if there is a browser plugin interacting with the request and possibly saving form data). All the website sees is http headers and form fields. It's up to the user to decide if they want to enter their credentials or not.
Sam  2010-05-05 00:04:40

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID login workflow?
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?