I’m implementing an OpenID provider and have it running smoothly for standard OpenID requests (where the end user knows their OpenID URL). However, I want consumers to be able to use the provider without knowing the end user’s OpenID URL up front; this will be determined when the user logs in.
I found that this is theoretically possible by reading this Stack Overflow question; however, it doesn’t provide a lot of detail for me to be able to gather the required information to develop this myself, and the fact that it’s DotNet doesn’t help.
Can anyone direct me to where I might find more information on how this is set up?
I’m using Zend Framework, but couldn’t find any useful information in its documentation.
A consumer can specify that the provider “SHOULD choose an Identifier that belongs to the end user”. In such a case, the provider will choose the identifier that belongs to the user (i.e. the user logged in onto the provider most likely) and the consumer does not have to provide an OpenID URL. See section 9.1, Request Parameters, item openid.identity on the OpenID specification page. Basically, the parameter openid.identity is set to http://specs.openid.net/auth/2.0/identifier_select.
With regard to your question on how to set this up:
For more information you should read the specification of OpenID 2.0.
Also, it might be useful to read Google’s OpenID developer page.
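The provider side of the identifier_select request described in the answer above, as an added example that is not part of the original answer and is not Zend Framework code. It shows the provider replacing the placeholder with the logged-in user's identifier and signing the positive assertion; the function names, the example URLs and the assumption that an HMAC-SHA256 association already exists are illustrative.

```python
import base64, hashlib, hmac, secrets
from datetime import datetime, timezone

NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = NS + "/identifier_select"
# Fields covered by the signature, in the order listed in openid.signed.
SIGNED = ["op_endpoint", "claimed_id", "identity", "return_to",
          "response_nonce", "assoc_handle"]

# Constructed sample: what a consumer sends when it does not know the user's URL.
SAMPLE_REQUEST = {
    "openid.ns": NS,
    "openid.mode": "checkid_setup",
    "openid.claimed_id": IDENTIFIER_SELECT,
    "openid.identity": IDENTIFIER_SELECT,
    "openid.return_to": "https://rp.example/openid/return",
}

def choose_identifier(req, session_identifier):
    """Return the (claimed_id, identity) pair the provider may assert."""
    claimed, identity = req.get("openid.claimed_id"), req.get("openid.identity")
    if not claimed or not identity:
        # Both-absent (extension-only) requests are out of scope for this example.
        raise ValueError("request must carry openid.claimed_id and openid.identity")
    if session_identifier is None:
        raise PermissionError("no authenticated user; show the login page first")
    if identity == IDENTIFIER_SELECT:
        # The provider picks the identifier of whoever is logged in.
        return session_identifier, session_identifier
    if identity != session_identifier:
        # Never assert an identifier the logged-in user does not own.
        raise PermissionError("requested identity is not the logged-in user's")
    return claimed, identity

def positive_assertion(req, session_identifier, op_endpoint, assoc_handle, mac_key):
    """Build the signed id_res response parameters for the consumer."""
    claimed, identity = choose_identifier(req, session_identifier)
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    fields = {"ns": NS, "mode": "id_res", "op_endpoint": op_endpoint,
              "claimed_id": claimed, "identity": identity,
              "return_to": req["openid.return_to"],
              "response_nonce": now + secrets.token_hex(8),
              "assoc_handle": assoc_handle, "signed": ",".join(SIGNED)}
    # Signature input is the key-value form ("key:value\n") of the signed fields.
    kv = "".join(f"{k}:{fields[k]}\n" for k in SIGNED).encode()
    mac = hmac.new(mac_key, kv, hashlib.sha256).digest()  # HMAC-SHA256 association
    fields["sig"] = base64.b64encode(mac).decode()
    return {"openid." + k: v for k, v in fields.items()}
```

Because the consumer did not supply the identifier, it has to run discovery on the returned openid.claimed_id and confirm that this provider's endpoint is authoritative for it before accepting the assertion.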