OpenID Simple Registration (sreg) vs. Attribute Exchange (ax)

烂漫一生 提交于 2019-12-03 13:02:06

sreg was written as the Simplest Thing that could Possibly Work, and has a very limited set of fields available. But since that includes nickname, email, and fullname, that's often all you need.

Attribute Exchange is much more extensible and featureful, although I suspect in practice features like the update_url and store request have not been widely implemented.

As for knowing which to request: In theory, which extensions a provider supports is documented in the XRDS document available during the discovery phase, as noted in the Extensions section of the spec. If you're using python-openid (or perhaps one of the other libraries at OpenID Enabled), you could query for that via something like

auth_req = consumer.begin('http://example.com/joe')

from openid.extensions import sreg

if sreg.supportsSreg(auth_req.endpoint):
    sreg_request = sreg.SRegRequest(required=['nickname','email'])
    auth_req.addExtension(sreg_request)
else:
    # maybe AX, maybe something else...

Unfortunately, OpenID identifier delegation makes that pretty unreliable. The user may be using the HTML-based discovery method, which doesn't advertise extensions at all, may have an XRDS that doesn't include the same extension information as the provider does, or an XRDS that was once accurate but is now out of date.

In addition, even if you do get an XRDS that advertises the AX extension, as far as I know it doesn't tell you which attributes the provider supports (i.e. which AX schema).

The most practical approach is probably to request lots of stuff, and if you get some stuff back, you can use it.

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!