[pLog-svn] r4415 - in plugins/branches/lifetype-1.1: . openid
openid/class openid/class/action openid/class/view
openid/locale openid/templates
Paul Westbrook
paul at westbrooks.org
Sat Dec 23 18:20:45 GMT 2006
Hello,
I do use bad behavior, and I didn't have any problem. I wasn't
testing with LiveJournal, but with some other openid sites. We could
make the change to our bad behavior plugin to allow URI:Fetch, but we
should also notify the author, so he can be aware of this problem.
Ideally, I think that we should display a LifeType login page,
instead of the dialog. This would give the users the context for
where they are logging in. This would also allow us to do what you
suggested, where if you are logged in to LifeType, the password
wouldn't appear. I am not that familiar with doing that in html/php,
so I will defer to someone with more experience with this.
In the mean time, I will change the prompt to be something
related to LifeType/OpenID, so to give the user more context.
Unfortunately, if we wanted the blog name to appear, the blog id will
have to be added as a parameter to the open id url.
I will also look at pulling the user's information out of the user
object and put it in the sreg array.
--Paul
On Dec 23, 2006, at 9:58 AM, Jon Daley wrote:
> You use bad behavior, right? Did you try it with bad behavior
> enabled? I am getting blocked when trying to post on LifeJournal,
> due to the test on line 39 of common-tests, something about the
> Range http header being bad. There is an exception made for user-
> agent: MovableType, so I thought maybe another exception should be
> LiveJournal, but their user-agent is URI::Fetch/0.03, so that
> sounds less like something you would want to make an exception for.
>
> Also, it is slightly disconcerting for a password dialog to appear
> asking for my LifeType password when I am posting on another site.
> Am I really guaranteed that the password dialog is coming from my
> site, and not faked? Maybe it would be better to replace the
> phpmyid with the blogname or something, so it looks a little more
> personalized, and harder to fake.
> Maybe the better solution is to already be logged into LifeType
> before posting the comment?
>
> And lastly, is there a way to have my name show up on the comment,
> (maybe by editing the openid.php sreg array?) instead of just my URL?
>
> All that said, it works, and that is nifty:
> http://welldone.livejournal.com/83972.html?view=169220#t169220
>
>
> On Sat, 23 Dec 2006, pwestbro at devel.lifetype.net wrote:
>> First pass at the OpenID plugin.
>>
>> When using your blog url as the OpenID, you can use your LifeType
>> username/password to authenticate your OpenID identity.
>>
>> Ideally, this would use digest authentication, but there isn't an
>> api on the
>> users object that takes the md5 version of the username and password
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn
--
Paul Westbrook
paul at westbrooks.org
<http://www.westbrooks.org>
More information about the pLog-svn
mailing list