Many OpenID providers support extensions beyond the basic pass/fail state delivered through the standard OpenID implementation. These extensions allow an OpenID consumer to obtain some general information about the user authenticating through the service from her profile or to add levels of security to the authentication process.
Before using an OpenID extension, you should ensure that your chosen provider supports the extension and full functionality that you are trying to implement. Even though many providers support the same extensions, some support different subsets of data within those extensions—meaning that you may not get all of the results you’re expecting.
Besides the OAuth hybrid extension (which we will explore in much greater detail in the next chapter), the main OpenID extensions, and those that we will examine in this chapter, are:
Allows the relaying party to capture very basic personal information about a user, where available through her profile or the OpenID provider itself
Enables the relaying party to capture more extensive personal information about a user, including the information delivered through Simple Registration
Allows the relaying party and provider to apply certain previously agreed-upon policies to the OpenID authentication process
Now that we have seen a brief overview of what each extension offers, let’s drill down into them to learn ...