OpenID Auth for agents and "bots"

Recordon, David drecordon at
Sun Aug 6 21:51:28 UTC 2006

Awesome, I've also been thinking a lot about something like this.  What Brad and I had discussed was being able to do this via Basic and Digest HTTP Auth.  Thus a client that supports these modes already, browser, feed reader, svn, etc wouldn't have to change; rather only changes would be required on the server side.  Then for many of these apps, writing mod_auth_openid for Apache would handle the code needed on the server.
It would look very much like what you wrote up, though throw the identifier in the username and the signature into the password field.  Then use check_authentication to verify it.
Have you thought at all about that approach?


From: yadis-bounces at on behalf of Martin Atkins
Sent: Sun 8/6/2006 7:27 AM
To: yadis at
Subject: OpenID Auth for agents and "bots"

I've posted on the OpenID Wiki a simple proposal for doing OpenID auth
using normal HTTP authentication. This is intended as a solution for
non-human agents and bots to authenticate themselves more easily.


Note that this is not meant to address authentication of human users in
non-browser apps, though I have included this as a possible extension in
the notes at the end of the page.

Please let me know what you think.

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the yadis mailing list