Hi,

I've got a user login system working by combining the restful_authentication
with open_id_authentication plugins. But there's a little problem, and that is
that any additional parameters from the login form (such as remember_me) are
lost after the OpenID transaction, and I don't see how to pass it around as an
option somewhere either. For instance, in SessionsController:

    # remember_me is passed from #create
    def open_id_authentication(openid_url, remember_me)
      authenticate_with_open_id(openid_url, :required => [:nickname, :email]) do |result, identity_url, registration|
        if result.successful?
          @user = User.find_or_initialize_by_identity_url(identity_url)
          # ...set @user fields...
          self.current_user = @user
          successful_login(remember_me) # when initiated from the GET call to SessionsController#create after the authentication this is nil
        end
      end
    end

Has anyone solved this?

Marko

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

> I've got a user login system working by combining the
> restful_authentication with open_id_authentication plugins. But there's
> a little problem, and that is that any additional parameters from the
> login form (such as remember_me) are lost after the OpenID transaction,
> and I don't see how to pass it around as an option somewhere either.
> For instance, in SessionsController:
>

FYI, best practice for OpenID relying parties is that the remember-me
functionality is left to the identity provider, not the relying party.
That allows an OpenID user to revoke all his remember-me's at once if,
for example, his password is compromised.

In this scenario, what you need to do as a relying party is simply
remember the OpenID identifier that a user last authenticated with,
then, when he returns, do a checkid_immediate with the identity
provider, using that OpenID identifier. If the user has enabled
remember-me for your site, the checkid_immediate call will succeed, and
you can consider that user authenticated.

- D
--
Posted via http://www.ruby-forum.com/.

On May 29, 7:06 pm, Danny Burkes <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> > I've got a user login system working by combining the
> > restful_authentication with open_id_authentication plugins. But there's
> > a little problem, and that is that any additional parameters from the
> > login form (such as remember_me) are lost after the OpenID transaction,
> > and I don't see how to pass it around as an option somewhere either.
> > For instance, in SessionsController:
>
> FYI, best practice for OpenID relying parties is that the remember-me
> functionality is left to the identity provider, not the relying party.
> That allows an OpenID user to revoke all his remember-me's at once if,
> for example, his password is compromised.
>
> In this scenario, what you need to do as a relying party is simply
> remember the OpenID identifier that a user last authenticated with,
> then, when he returns, do a checkid_immediate with the identity
> provider, using that OpenID identifier. If the user has enabled
> remember-me for your site, the checkid_immediate call will succeed, and
> you can consider that user authenticated.

Thanks for pointing me in the right direction. I'll get back to this a
bit later. It seems like I'll need to modify the plugin or use
ruby-openid directly in order to be able to do a checkid_immediate
authentication call.

Marko
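
Added example, not part of the original thread and not code from the open_id_authentication plugin or ruby-openid: a plain-Ruby sketch of the relying-party side of the checkid_immediate flow described above, using the OpenID 2.0 parameter names. The function names, URLs and the `verified` flag are assumptions; signature, nonce and return_to verification are left to the OpenID library and passed in as `verified`.

```ruby
require "uri"

OPENID2_NS = "http://specs.openid.net/auth/2.0"

# Build the redirect URL for an OpenID 2.0 checkid_immediate request.
# op_endpoint comes from discovery on the remembered identifier (library's job).
# Assumption: no delegation, so claimed_id and identity are the same URL.
def immediate_request_url(op_endpoint, identifier, realm, return_to)
  params = {
    "openid.ns"         => OPENID2_NS,
    "openid.mode"       => "checkid_immediate",
    "openid.claimed_id" => identifier,
    "openid.identity"   => identifier,
    "openid.realm"      => realm,
    "openid.return_to"  => return_to
  }
  uri = URI.parse(op_endpoint)
  uri.query = [uri.query, URI.encode_www_form(params)].compact.join("&")
  uri.to_s
end

# Decide what to do with the provider's answer on return_to.
# `verified` must be the result of the OpenID library's signature, nonce and
# return_to checks; an unverified id_res is never treated as a login.
def handle_immediate_response(params, remembered_identifier, verified)
  case params["openid.mode"]
  when "setup_needed"
    :needs_interactive_login # OpenID 2.0: provider would not answer silently
  when "id_res"
    # OpenID 1.1 providers signal the same thing with user_setup_url.
    return :needs_interactive_login if params.key?("openid.user_setup_url")
    return :rejected unless verified
    # The assertion must be for the identifier we remembered, not another one.
    return :rejected unless params["openid.claimed_id"] == remembered_identifier
    :logged_in
  else
    :rejected
  end
end

# Constructed sample values, for illustration only.
REMEMBERED = "https://user.example.org/"
puts immediate_request_url("https://op.example.com/server", REMEMBERED,
                           "https://rp.example.net/",
                           "https://rp.example.net/session/complete")
p handle_immediate_response({ "openid.mode" => "setup_needed" }, REMEMBERED, false)
```

On :needs_interactive_login the relying party falls back to the normal login form (a checkid_setup request), so a user who has not enabled remember-me at the provider is simply asked to sign in again.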