Eventually I was hoping to implement the "suck in" using the OpenId
attribute exchange, so that you could create the local account once
OpenId has been authenticated. You draw in the "nickname" and maybe
email address and then create the local account.

These were only thoughts, though; I haven't looked at doing anything
concrete yet. Figuring out the proper abstractions for it is the
trick.

On 7/8/07, Phillip Rhodes <[EMAIL PROTECTED]> wrote:
> Hi everyone (and especially Ray).
> Got your openid lib working, great job.  Thanks!  You are working on the 
> weekend, I admire that!
>
> I am trying to work out the process in which a user has an openid account on 
> a 3rd party server, but they do not have an account for the openid client 
> application.
>
> 1) User has openid account http://rhodebump.myopenid.com/
> 2) User goes to openid client http://localhost/openidclient and this 
> application (using your acegi filter) will direct them to the myopenid.com 
> provider where they successfully login.
> 3) myopenid.com directs user back to http://localhost/openidclient but since 
> the user is not provisioned in the openidclient, the 
> UserDetailsService.loadUserByUsername will fail.
>
> My use case is that the user has an openid account, but still needs to 
> complete some sort of registration process for the client application.  I was 
> wondering if you thought of this at all and if we should provide for this 
> sort of case in the design/implementation of an openid provider.
>
> One thing that complicates the whole thing is the question that I think we 
> would want the person to be authenticated with openid before they do this 
> registration process.  If they are authenticated using openid, we can "suck 
> in" some of the openid attributes from their provider to ease the 
> registration process.  However, we cannot log them in in their current
> account state since they cannot be retrieved from the UserDetailsService
> until they have completed setup.
>
> It's sort of like there are 2 authentication states, the user can be 
> authenticated remotely, and authenticated locally.
> Phillip
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> Acegisecurity-developer@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>
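
The two states described in this thread, sketched as an added example that is not part of the original messages and is not Acegi code. All class, method and path names are hypothetical; the local account is keyed on the verified claimed identifier, and the provider-supplied nickname is used only as a form pre-fill.

```java
import java.util.*;

// Hypothetical model of the two authentication states; these are not Acegi classes.
public class OpenIdProvisioningExample {
    enum State { REMOTE_ONLY, LOCAL }

    static final class Session {
        final String claimedId;           // identifier verified by the OpenID exchange
        final Map<String, String> hints;  // provider-asserted attributes, unverified
        State state = State.REMOTE_ONLY;
        Session(String claimedId, Map<String, String> hints) {
            this.claimedId = claimedId;
            this.hints = hints;
        }
    }

    // Local accounts are keyed by claimed identifier, never by nickname or email.
    private final Map<String, String> accountsByClaimedId = new HashMap<>();
    private final Set<String> takenUsernames = new HashSet<>();

    /** Called after the provider redirects back with a verified assertion. */
    Session onOpenIdSuccess(String claimedId, Map<String, String> attrs) {
        Session s = new Session(claimedId, attrs);
        if (accountsByClaimedId.containsKey(claimedId)) s.state = State.LOCAL;
        return s;
    }

    /** REMOTE_ONLY sessions may reach the registration page and nothing else. */
    boolean mayAccess(Session s, String path) {
        return s.state == State.LOCAL || path.equals("/register");
    }

    /** Pre-fill value for the registration form; the user can change it. */
    String suggestedUsername(Session s) { return s.hints.getOrDefault("nickname", ""); }

    /** Completes registration and binds the new account to the claimed identifier. */
    void register(Session s, String username) {
        if (s.state != State.REMOTE_ONLY) throw new IllegalStateException("already provisioned");
        if (!takenUsernames.add(username)) throw new IllegalArgumentException("username taken");
        accountsByClaimedId.put(s.claimedId, username);
        s.state = State.LOCAL;
    }

    public static void main(String[] args) {
        OpenIdProvisioningExample app = new OpenIdProvisioningExample();
        // Constructed sample attribute value; the identifier is the one quoted in the thread.
        Session s = app.onOpenIdSuccess("http://rhodebump.myopenid.com/", Map.of("nickname", "rhodebump"));
        System.out.println("before registration: " + app.mayAccess(s, "/account"));
        app.register(s, app.suggestedUsername(s));
        System.out.println("after registration: " + app.mayAccess(s, "/account"));
    }
}
```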
