Step 3: Request User Authentication

Depending on the version of OpenID being used (OpenID version 1 or 2), the request for user authentication will take one of two courses from a programmatic perspective. The code will either:

  • Redirect the user to the endpoint established in the previous step (OpenID v1)

or:

  • Obtain the authentication form markup from the provider endpoint and print it out to the screen for the user (OpenID v2)

In both cases, the process that occurs between the relaying party and the user looks the same, as shown in Figure 11-3.

OpenID, step 3: Provider requests user authentication

Figure 11-3. OpenID, step 3: Provider requests user authentication

In general terms, the relaying party will display the authentication form to the user to have him authenticate herself against the OpenID provider (through either the form or redirect method).

When the relaying party establishes the request between the user and provider for authentication, the request will include a number of OpenID parameters, including those listed in Table 11-1.

Table 11-1. Authentication request parameters

Request parameter

Description

openid.ns

The OpenID namespace URI to be used. For instance, this should be http://specs.openid.net/auth/2.0 for OpenID 2.0 transactions.

openid.mode

The transaction mode to be used during the authentication process. The possible values are checkid_immediate or checkid_setup.

If the user should be able to interact with the OpenID provider, ...

Get Programming Social Applications now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.