O'Reilly logo

Programming Social Applications by Jonathan LeBlanc

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Bypassing Domain Discovery Errors in OpenID

As part of their OpenID process, some providers require the relaying party to implement a domain discovery mechanism for when an end user transitions through the authentication screens. If this mechanism is not in place, these providers display warning messages to the user stating that they could not verify the relaying website. Figure 11-5 shows an example of this on Yahoo!.

Yahoo! OpenID authentication screen

Figure 11-5. Yahoo! OpenID authentication screen

Warning

Displaying domain discovery warnings in your OpenID process can dramatically increase the drop-off rate of users logging in through your site.

Depending on the provider that you are working with for your OpenID implementation, you may be required to create an XRDS domain verification file, which allows you to define yourself as the site owner and in turn allows the provider to verify your site.

Creating one of these documents is a multistep process that requires you to have access to the root of your domain. The XRDS file itself will be a short XML document with a custom content-type header applied.

Before we go through these steps, let’s look at what an XRDS file might look like. In this example, the XRDS file is saved as xrds.php.

<?php header('Content-Type: application/xrds+xml'); $xrd = '<?xml version="1.0" encoding="UTF-8"?><xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)">' ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required