Crowd's OpenID approvals are based around the return_to URL. An OpenID 2 request may present a more general realm as well (Realms). If present, the user should be asked to approve the realm for this and future requests.
If a whitelist is present (CWD-3045), it should be treated as a list of realms. A requested realm that is a pattern must be directly present on the whitelist; a concrete return_to URL must match something on the whitelist.
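A sketch of the approval check described above, added here as an example and not Crowd's code: matching follows the OpenID 2.0 realm rules (same scheme and port, optional `*.` host wildcard, path prefix). The function names and the sample whitelist are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse(url):
    """Normalise a realm or return_to URL to (scheme, host, port, path)."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    if scheme not in DEFAULT_PORTS or not u.hostname:
        raise ValueError("not an http(s) URL: %r" % url)
    if u.fragment:  # a realm must not carry a fragment; rejected for both here
        raise ValueError("fragment not allowed: %r" % url)
    return scheme, u.hostname, u.port or DEFAULT_PORTS[scheme], u.path or "/"

def realm_matches(realm, return_to):
    """True when return_to falls inside the realm."""
    r_scheme, r_host, r_port, r_path = parse(realm)
    scheme, host, port, path = parse(return_to)
    if (scheme, port) != (r_scheme, r_port) or "*" in host:
        return False
    if ".." in path.split("/"):  # conservative: refuse dot-dot segments
        return False
    if r_host.startswith("*."):
        suffix = r_host[2:]
        # Dot boundary: "*.example.com" must not match "badexample.com".
        if host != suffix and not host.endswith("." + suffix):
            return False
    elif host != r_host:
        return False
    prefix = r_path if r_path.endswith("/") else r_path + "/"
    return path == r_path or path.startswith(prefix)

def auto_approved(whitelist, return_to, realm=None):
    """True when the request may skip the user approval prompt."""
    try:
        if realm is not None:
            # A presented realm is a pattern: it must itself be on the
            # whitelist, and it must still cover the return_to URL.
            listed = {parse(w) for w in whitelist}
            return parse(realm) in listed and realm_matches(realm, return_to)
        # A bare return_to URL only has to match some whitelisted realm.
        return any(realm_matches(w, return_to) for w in whitelist)
    except ValueError:
        return False

# Constructed sample whitelist (not taken from Crowd).
WHITELIST = ["https://*.example.com/", "https://apps.example.org/openid"]
```

A realm narrower than a whitelist entry (for example `https://shop.example.com/` against `https://*.example.com/`) is not auto-approved under this reading, because the realm itself is not on the list.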
- has a derivative of
  - CWD-3069 Warn about overly general Realms in OpenID requests (Gathering Interest)
- relates to
  - CWD-2470 Support OpenID 2.0 and identifier select for a single endpoint URL (Closed)
  - CWD-3045 Allow a whitelist of automatically-approved sites for CrowdID (Closed)