[pLog-svn] r4415 - in plugins/branches/lifetype-1.1: . openid openid/class openid/class/action openid/class/view openid/locale openid/templates

Paul Westbrook paul at westbrooks.org
Sat Dec 23 18:20:45 GMT 2006 

Hello,
    I do use bad behavior, and I didn't have any problem.  I wasn't  
testing with LiveJournal, but with some other openid sites.  We could  
make the change to our bad behavior plugin to allow URI:Fetch, but we  
should also notify the author, so he can be aware of this problem.

    Ideally, I think that we should display a LifeType login page,  
instead of the dialog.  This would give the users the context for  
where they are logging in.  This would also allow us to do what you  
suggested, where if you are logged in to LifeType, the password  
wouldn't appear.  I am not that familiar with doing that in html/php,  
so I will defer to someone with more experience with this.

    In the mean time, I will change the prompt to be something  
related to LifeType/OpenID, so to give the user more context.   
Unfortunately, if we wanted the blog name to appear, the blog id will  
have to be added as a parameter to the open id url.

   I will also look at pulling the user's information out of the user  
object and put it in the sreg array.

--Paul


On Dec 23, 2006, at 9:58 AM, Jon Daley wrote:

> 	You use bad behavior, right?  Did you try it with bad behavior  
> enabled?  I am getting blocked when trying to post on LifeJournal,  
> due to the test on line 39 of common-tests, something about the  
> Range http header being bad.  There is an exception made for user- 
> agent: MovableType, so I thought maybe another exception should be  
> LiveJournal, but their user-agent is URI::Fetch/0.03, so that  
> sounds less like something you would want to make an exception for.
>
> 	Also, it is slightly disconcerting for a password dialog to appear  
> asking for my LifeType password when I am posting on another site.   
> Am I really guaranteed that the password dialog is coming from my  
> site, and not faked?  Maybe it would be better to replace the  
> phpmyid with the blogname or something, so it looks a little more  
> personalized, and harder to fake.
> 	Maybe the better solution is to already be logged into LifeType  
> before posting the comment?
>
> 	And lastly, is there a way to have my name show up on the comment,  
> (maybe by editing the openid.php sreg array?) instead of just my URL?
>
> All that said, it works, and that is nifty:
> http://welldone.livejournal.com/83972.html?view=169220#t169220
>
>
> On Sat, 23 Dec 2006, pwestbro at devel.lifetype.net wrote:
>> First pass at the OpenID plugin.
>>
>> When using your blog url as the OpenID, you can use your LifeType
>> username/password to authenticate your OpenID identity.
>>
>> Ideally, this would use digest authentication, but there isn't an  
>> api on the
>> users object that takes the md5 version of the username and password
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn

--
Paul Westbrook
paul at westbrooks.org
<http://www.westbrooks.org>

More information about the pLog-svn mailing list