Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.6
Component/s: OpenID
Labels:
None

Crowd's OpenID approvals are based around the return_to URL. An OpenID 2 request may present a more general realm as well (Realms). If present, the user should be asked to approve the realm for this and future requests.

If a whitelist is present (~~CWD-3045~~) it should be treated as a list of realms. Any realm must either be directly present on the whitelist (if it's a pattern) or match something on the whitelist if it's a concrete return_to URL.

has a derivative of

CWD-3069 Warn about overly general Realms in OpenID requests

Gathering Interest

relates to

CWD-2470 Support OpenID 2.0 and identifier select for a single endpoint URL

Closed

CWD-3045 Allow a whitelist of automatically-approved sites for CrowdID

Closed

mentioned in: Wiki Page Loading...

Assignee:: joe
Reporter:: joe
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: 11/Jan/2013 12:15 AM
Updated:: 19/Sep/2019 5:51 AM
Resolved:: 18/Jan/2013 12:33 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates