OpenID and desktop applications

Steve Churchill steven.churchill at
Thu Dec 8 19:15:47 UTC 2005

ooTao is releasing a (free) Windows/Mac service that allows sharing SSO
session state among thick apps and client browser windows. The thick apps
and a browser plugin both invoke the service's API in order to engage in an
SSO session. The service uses the default browser for the login in order to
provide the standard visual cues to discourage phishing and the like.

Our first cut supports the XRI ISSO protocol. If we have interest, we will
quickly support YADIS as well.

~ Steve

> -----Original Message-----
> From: yadis-bounces at [mailto:yadis-bounces at]
> On Behalf Of Lukas Leander Rosenstock
> Sent: Wednesday, December 07, 2005 7:58 AM
> To: yadis at
> Subject: Re: OpenID and desktop applications
> Hello!
> It should be no problem for you to write a desktop application that asks
> for the user's identity, then fetches this URL with an HTTP engine and
> looks up the identity server URL. This URL, however, must be rendered
> with some kind of HTML browser because the user needs an interface to
> enter his password and set trust with his identity server. This must be
> taken back to your application. I could imagine three possibilities for
> this:
> a) Use a browser engine embedded in your application, e.g. if your
> native desktop application is for Windows you can simply use the IE
> ActiveX control. The "openid.return_to" is a "dummy" URL. If you see
> your browser control navigating there stop it from doing this, catch the
> query string and process it in your application, e.g. read out
> "openid.mode" and the others and do the ID check (using immediate or
> association) on the local machine.
> b) Call the OpenID server on the user's default browser. The browser
> needs to give control back to your application, so you must give him an
> "openid.return_to" that is either
> http://localhost:port_of_your_application/ or specialprotocol:foo (might
> be difficult to handle). Then read out "openid.mode" and the others and
> do the ID check (using immediate or association) on the local machine.
> c) If your application is connected to a web service anyway you do the
> ID check on the server. Your application opens a session with the server
> and then opens the URL, this time "openid.return_to" is part of the
> webservice. The webservice can do the ID check and then notify the
> application on the local machine (through the socket/session) that logon
> was successful.
> I hope that helps!
> Lukas
> Andrey Tatarinov wrote:
> >Hi,
> >
> >I'd like to create a native desktop application (as a part of a web service)
> >which could use OpenID. After reading the specs and searching the internet, I
> >do not see a way to do it.
> >
> >Any tips?
> >
> >
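
Option (b) from the quoted reply, as an added example that is not part of the original thread: a loopback listener that receives the "openid.return_to" redirect from the default browser. The `nonce` query parameter and the function names are assumptions of this sketch, not something the messages specify.

```python
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs

def parse_callback(request_path, expected_nonce):
    """Return the openid.* fields of the redirect, or None if the request
    does not carry the nonce we embedded in return_to."""
    query = parse_qs(urlsplit(request_path).query, keep_blank_values=True)
    nonce = query.get("nonce", [""])[0]
    # Any local process or web page can reach a localhost port, so accept
    # only a request that carries our unguessable per-login nonce.
    if not secrets.compare_digest(nonce.encode(), expected_nonce.encode()):
        return None
    return {k: v[0] for k, v in query.items() if k.startswith("openid.")}

def start_listener():
    """Bind a listener on loopback only, on a port chosen by the OS.
    Returns (server, return_to, result); result is filled by the callback."""
    nonce = secrets.token_urlsafe(16)   # hypothetical return_to parameter
    result = {}

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            fields = parse_callback(self.path, nonce)
            if fields is None:
                self.send_error(400)
                return
            result.update(fields)
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"You can return to the application.")

        def log_message(self, *args):
            pass  # keep the query string (signature, identity) out of logs

    # 127.0.0.1 rather than 0.0.0.0: the callback must not be reachable
    # from other hosts on the network.
    server = HTTPServer(("127.0.0.1", 0), Handler)
    return_to = f"http://127.0.0.1:{server.server_port}/?nonce={nonce}"
    return server, return_to, result
```

Call `server.handle_request()` until `result` is filled, then read "openid.mode" and do the ID check as the reply describes; receiving the redirect does not by itself verify anything.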
