Thursday, September 5, 2013

Yahoo! OpenID attribute exchange

When implementing OpenID authentication with Spring Security using the config below, the Yahoo! service doesn't provide any attribute values, although Google works.

 <security:attribute-exchange>  
      <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>  
      <security:openid-attribute name="forename" type="http://schema.openid.net/namePerson/first" required="true"/>  
      <security:openid-attribute name="surname" type="http://schema.openid.net/namePerson/last" required="true"/>  
      <security:openid-attribute name="name" type="http://schema.openid.net/namePerson/friendly" required="true"/>  
 </security:attribute-exchange>  

After googling around, I found this. So I changed the config to:

 <security:attribute-exchange>  
      <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>  
      <security:openid-attribute name="forename" type="http://schema.openid.net/namePerson/first" required="true"/>  
      <security:openid-attribute name="surname" type="http://schema.openid.net/namePerson/last" required="true"/>  
      <security:openid-attribute name="name" type="http://schema.openid.net/namePerson/friendly" required="true"/>  
      <!--Yahoo-->  
      <security:openid-attribute name="axFullname" type="http://axschema.org/namePerson" required="true"/>  
      <security:openid-attribute name="axEmail" type="http://axschema.org/contact/email" required="true"/>  
 </security:attribute-exchange>  

The result is that the email attribute has the correct value, while axEmail and axFullname are null. But if I remove axEmail, then email is null. That's interesting. So finally, the config below works well with both Google and Yahoo!, though we'll have duplicate email attributes with the same value:

 <security:attribute-exchange>  
      <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>  
      <security:openid-attribute name="forename" type="http://schema.openid.net/namePerson/first" required="true"/>  
      <security:openid-attribute name="surname" type="http://schema.openid.net/namePerson/last" required="true"/>  
      <security:openid-attribute name="name" type="http://schema.openid.net/namePerson/friendly" required="true"/>  
      <!--Yahoo-->  
      <security:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true"/>  
      <security:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>  
 </security:attribute-exchange>  
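Since the working config can hand back two attributes with the same name, the consuming code has to collapse them. The following is an added example, not code from the original post: the class name `AxAttributeMerger` and the sample values are constructed, and it assumes spring-security-openid is on the classpath. It keeps one value per attribute name and rejects the login data if two same-named attributes disagree.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.openid.OpenIDAttribute;

public class AxAttributeMerger {

    /** Collapses same-named attributes into one value per name; fails if they disagree. */
    public static Map<String, String> merge(List<OpenIDAttribute> attributes) {
        Map<String, String> merged = new LinkedHashMap<String, String>();
        for (OpenIDAttribute attr : attributes) {
            String value = firstNonBlank(attr.getValues());
            if (value == null) {
                continue; // the provider returned nothing for this type URI
            }
            String previous = merged.get(attr.getName());
            if (previous == null) {
                merged.put(attr.getName(), value);
            } else if (!previous.equals(value)) {
                // Two type URIs answered with different values: do not guess which one is right.
                throw new IllegalStateException(
                        "Conflicting values for OpenID attribute '" + attr.getName() + "'");
            }
        }
        return merged;
    }

    private static String firstNonBlank(List<String> values) {
        if (values == null) {
            return null;
        }
        for (String v : values) {
            if (v != null && !v.trim().isEmpty()) {
                return v.trim();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample input mirroring the attribute names in the final config above.
        List<OpenIDAttribute> sample = Arrays.asList(
                new OpenIDAttribute("email", "http://schema.openid.net/contact/email", Arrays.asList("user@example.com")),
                new OpenIDAttribute("email", "http://axschema.org/contact/email", Arrays.asList("user@example.com")),
                new OpenIDAttribute("fullname", "http://axschema.org/namePerson", Arrays.asList("Example User")),
                new OpenIDAttribute("forename", "http://schema.openid.net/namePerson/first", Collections.<String>emptyList()));
        System.out.println(merge(sample));
    }
}
```

In an application the list would come from `OpenIDAuthenticationToken.getAttributes()` after a successful login.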
