| Project: | OpenID Client AX |
| Version: | 6.x-6.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Aron Novak |
| Status: | closed (fixed) |
| Issue tags: | OpenID AX update |
Issue Summary
The update_url needs to be sent via the openid client (relying party) to the provider in the fetch request, then:
"If present, the OpenID Provider may re-post the fetch response
message to the specified URL at some time after the initial response
has been sent, using a OpenID Authentication Positive Assertion."
http://openid.net/pipermail/specs/2007-October/002014.html
The update of the values in uni-directional (provider -> relying party) according to the openid specs, the RP should be almost stateless (only caching), so the provider should have always the latest data. We cannot really ensure that the user cannot edit his profile on relying party side, or can we do that?
Things to do on the client side:
- Provide a menu path for the update_url what identifies the user
- Handle the incoming values, update the profile node
Sreg modules are not affected, no update mechanism is available for SReg values.
Comments
#1
hook_openid_client() needs to be extended with an 'update' $op as well and update the saved node profile.
openid_client_ax needs to provide that callback url for the provider side.
#2
Good summary here under "Asynchronous Attribute Updates":
http://blogs.gnome.org/jamesh/2007/11/26/openid-ax/
#3
First iteration of the patch. Untested.
#4
Dependencies:
#506506: Update node profile, add new $op to openid_client
#5
* fixes D5 style call to url()
* swicthing to v2 protocoll for assertion verification
Patch attached.
#6
Updated patch to meet Drupal requirements.
#7
Changed the menu item type of openid/update from default MENU_NORMAL_ITEM to MENU_CALLBACK to avoid appearance of empty menu item in navigation menu.
#8
Committed.
#9
#10
Automatically closed -- issue fixed for 2 weeks with no activity.