Implementing a client: Where's the HOWTO?
danlyke at flutterby.com
Thu May 19 18:23:29 PDT 2005
Stupid questions time: I'm burned out on working on 3d animation
software all day and have decided to relax by digging into some Perl
code. Yes, I am a sick puppy.
So: I have a weblog content management system. I already have
several different methods of authentication, including LID(tm), but
being a "new features is better!" weenie, I obviously want to add
YADIS/OpenID logins as soon as possible.
I'm reading through the spec at http://www.danga.com/yadis/specs.bml
and I'm trying to understand a few things. If I get the sequence
1. I present the user with a login screen that contains, as one of its
options, a "YADIS/OpenID" URL entry.
2. When the user presses "submit", I send a redirect to that URL with
the following arguments appended (if the string already contains a
"?". then they're appended with an intervening "&", otherwise it's
return_to - a URL which can contain state information about the
user session (ie: something like
trust_root - The URL of my site (ie: "http://www.flutterby.com/")
is_foaf - ? Got an example of what this is supposed to have in it?
3. Magic happens at the user's URL, and then I get a redirect back to
the return_to URL with:
assert_foaf - ? Some tag I need to validate in some way ?
user_setup_url - a place I can redirect the user to if I can't make
sense of assert_foaf. I assume that this will maintain my state
information as mentioned in my "return_to" notes above.
4. To validate that assert_foaf, I do a GET of the user's original
YADIS/OpenID URL, look for some FOAF autodiscovery tag, do another
GET to retrieve that file, and... do... something.
So, my questions are:
1. What do I stock is_foaf=... with?
2. What do I do with assert_foaf?
3. What does the FOAF autodiscovery tag look like?
4. What's the extension to FOAF that I do something with to check the
 Available from http://www.flutterby.net/ . It's the first (and so
far as I know, only) weblog system to have a bidirectional NNTP
interface, LID authentication, plus all of the other usual crap.
More information about the yadis