The update_url needs to be sent via the openid client (relying party) to the provider in the fetch request, then:
"If present, the OpenID Provider may re-post the fetch response
message to the specified URL at some time after the initial response
has been sent, using a OpenID Authentication Positive Assertion."
http://openid.net/pipermail/specs/2007-October/002014.html
The update of the values in uni-directional (provider -> relying party) according to the openid specs, the RP should be almost stateless (only caching), so the provider should have always the latest data. We cannot really ensure that the user cannot edit his profile on relying party side, or can we do that?
Things to do on the client side:
Sreg modules are not affected, no update mechanism is available for SReg values.
| Comment | File | Size | Author |
|---|---|---|---|
| #7 | 501702-7-openid_client_ax_update_url.patch | 2.68 KB | sanduhrs |
| #6 | 501702-6-openid_client_ax_update_url.patch | 2.65 KB | sanduhrs |
| #5 | 501702-5-openid_client_ax_update_url.patch | 2.39 KB | sanduhrs |
| #3 | openid_client_ax_update_url.patch | 2.4 KB | aron novak |
Comments
Comment #1
aron novakhook_openid_client() needs to be extended with an 'update' $op as well and update the saved node profile.
openid_client_ax needs to provide that callback url for the provider side.
Comment #2
aron novakGood summary here under "Asynchronous Attribute Updates":
http://blogs.gnome.org/jamesh/2007/11/26/openid-ax/
Comment #3
aron novakFirst iteration of the patch. Untested.
Comment #4
aron novakDependencies:
#506506: Update node profile, add new $op to openid_client
Comment #5
sanduhrs* fixes D5 style call to url()
* swicthing to v2 protocoll for assertion verification
Patch attached.
Comment #6
sanduhrsUpdated patch to meet Drupal requirements.
Comment #7
sanduhrsChanged the menu item type of openid/update from default MENU_NORMAL_ITEM to MENU_CALLBACK to avoid appearance of empty menu item in navigation menu.
Comment #8
xamanu commentedCommitted.
Comment #9
xamanu commented