Just thinking out loud..
It would be nice if one could plug-in / enforce specific IdPs in the OpenID module.
This might somewhat go against the nature of OpenID, but would be useful in intranet / extranet environments (especially when using auto-registration) and to support IdP-specific fields.
For instance, one may want to provide a button / link (like on https://www.plaxo.com/openid?r=/) on a Drupal site to Google, Yahoo, a company or government IdP... so the Drupal user does not have to remember URLs and/or his OpenID. The Drupal site owner might allow persons authenticated by a "trustworthy" IdP to sign up automatically for a Drupal account.
Comments
Comment #1
c960657 commented
I believe this is already possible using hook_openid_normalization_method_info(). Just replace the existing 'xri' and 'url' normalizers with a function that ignores any input and simply returns the URL of the OpenID Provider. Automatic sign-up using SREG or AX is already supported.
Does that address your needs? If not, could you be more specific about what new hooks or features you would like?
Comment #2
bart.hanssens commented
Well, I'm playing a bit with Drupal 6 + openid with a proof of concept of a Belgian eID - IdP, trying to reuse as much of the D7 core openid module code as possible. "Demo" can be found here: idp.rovin.be, code is hosted on http://code.google.com/p/eid-drupal-openid/
In short, I'd like to be able to
- allow a drupal admin to provide a list of "trusted" openid IdPs (with discovery)
- present the list as buttons underneath the regular user/pass fields, instead of having to click on the openID button and type in the openID url (http://drupal.org/project/comfortid is already an improvement, but still requires additional actions from the end user)
- optionally allow the drupal admin to override the "email verification" settings for openid users, so a user registering with a "trusted" IdP would not need to verify his/her account
- check the openid response_nonce (AFAIK this isn't implemented in the openid core module)
Obviously, I'm aiming at the Belgian eID using openid (instead of the reverse proxy approach used in http://drupal.org/project/eid), and while the drupal openid core module does work out-of-the-box, I think the features listed above would make it more user-friendly...
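The `response_nonce` check requested in Comment #2, sketched as an added example that is not part of the comment and not Drupal core code. OpenID Authentication 2.0 has the relying party reject a nonce it has already accepted from the same OP endpoint; the function name, the 300-second window and the in-memory `$seen` store are assumptions made for illustration.

```php
<?php
// Added example; the function name, constant and storage are hypothetical.
const EXAMPLE_NONCE_MAX_SKEW = 300; // Assumed acceptance window in seconds.

/**
 * Returns TRUE if openid.response_nonce is well formed, recent and unused.
 * Call it only after the assertion's signature has been verified.
 * $seen stands in for persistent storage such as a database table.
 */
function example_openid_nonce_is_fresh($op_endpoint, $nonce, array &$seen, $now = NULL) {
  $now = ($now === NULL) ? time() : $now;
  // Format: "YYYY-MM-DDThh:mm:ssZ" plus optional characters in ASCII 33-126,
  // at most 255 characters in total.
  $pattern = '/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z[\x21-\x7e]*$/D';
  if (!is_string($nonce) || strlen($nonce) > 255 || !preg_match($pattern, $nonce, $m)) {
    return FALSE;
  }
  list(, $y, $mo, $d, $h, $mi, $s) = array_map('intval', $m);
  if (!checkdate($mo, $d, $y) || $h > 23 || $mi > 59 || $s > 59) {
    return FALSE;
  }
  $issued = gmmktime($h, $mi, $s, $mo, $d, $y);
  if (abs($now - $issued) > EXAMPLE_NONCE_MAX_SKEW) {
    return FALSE; // Too old or too far in the future.
  }
  // Entries past the window can go: the skew check rejects them anyway.
  foreach ($seen as $key => $expires) {
    if ($expires < $now) {
      unset($seen[$key]);
    }
  }
  // Nonces are tracked per OP endpoint URL.
  $key = hash('sha256', $op_endpoint . "\n" . $nonce);
  if (isset($seen[$key])) {
    return FALSE; // Replayed assertion.
  }
  $seen[$key] = $issued + EXAMPLE_NONCE_MAX_SKEW;
  return TRUE;
}

// Constructed sample values, evaluated at a fixed "now".
$seen = array();
$now = gmmktime(12, 0, 30, 6, 1, 2010);
$op = 'https://idp.example/openid';
var_dump(example_openid_nonce_is_fresh($op, '2010-06-01T12:00:00Zabc123', $seen, $now)); // First use.
var_dump(example_openid_nonce_is_fresh($op, '2010-06-01T12:00:00Zabc123', $seen, $now)); // Same nonce again.
var_dump(example_openid_nonce_is_fresh($op, '2010-06-01T11:00:00Zxyz789', $seen, $now)); // One hour old.
```

In a module the store would be a table with a unique key on the endpoint and nonce, so that two concurrent requests carrying the same assertion cannot both pass the check.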
Comment #3
star-szr
I would move this to https://www.drupal.org/project/openid but there is no 8.x version there.
More info:
https://www.drupal.org/node/2116417