O'Reilly logo

Programming Social Applications by Jonathan LeBlanc

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Step 4: Provide OpenID Approved/Failed State and Hybrid Extension Parameters

The next step in the hybrid auth process is for the provider to deliver an approved or failed state back to the relaying party so that the relaying party knows whether it can exchange the preapproved OAuth request token for an access token to complete the hybrid process.

The components of this step are identical to those of the OpenID process. The user has gone through the authentication process in step 3 and will now be forwarded to the callback with the response state from the provider, as displayed in Figure 12-2.

Hybrid auth, step 4: Provider returns OpenID approved/failed response

Figure 12-2. Hybrid auth, step 4: Provider returns OpenID approved/failed response

The OpenID provider will first process the user authentication and generate a response to the provider site. This response will either include an approved state or one of several possible failed states, depending on the outcome of the user authentication.

If the provider returns an approved state, the response object (generally sent via query string parameters) will include all parameters required to complete the OpenID process as well as any OpenID extension responses.

Besides the OpenID response, the parameter passed to the return_to location that we really care about for the OAuth piece of the puzzle is openid.oauth.request_token. This is the preapproved OAuth request token from the provider that we will need to ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required