<script type="text/javascript">
function doLogin(doneUrl) {
  /* Tell XAuth.org that a user has just signed into Google on this browser. */
  XAuth.extend({
    // reveals "someone is logged into Google"
    token: "1",
    // Expires after 24 hours or if the user explicitly logs out
    expire: new Date().getTime() + 60*60*24*1000,
    // Allow any domain to read this info (could also be a whitelist of partners)
    extend: ["*"],
    // Optional callback function once extend() has completed.
    callback: makeRedirectFunc(doneUrl)
  });
}
</script>
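As an added illustration (not code from the post or from the XAuth project), the model below shows what the `extend` list in the snippet above controls: which requesting sites get a stored token back, and how `["*"]` differs from a partner allowlist. `TokenRegistry`, `hostOf`, `demo` and the `.example`/`.test` hosts are hypothetical, and the exact-host matching rule is an assumption.

```javascript
// Constructed model of a browser-local token registry; not XAuth's own code.
// token / expire / extend mirror the XAuth.extend() call above; TokenRegistry,
// hostOf and demo are hypothetical names, and exact-host matching is assumed.
function hostOf(origin) {
  return new URL(origin).hostname.toLowerCase();
}

class TokenRegistry {
  constructor() {
    this.store = new Map(); // extender host -> { token, expire, extend }
  }
  // Record a token on behalf of the provider at extenderOrigin.
  extend(extenderOrigin, { token, expire, extend }) {
    if (!Array.isArray(extend) || extend.length === 0) {
      throw new Error("extend must list at least one reader domain");
    }
    this.store.set(hostOf(extenderOrigin), {
      token: String(token),
      expire: Number(expire),
      extend: extend.map((d) => d.toLowerCase()),
    });
  }

  // Return only tokens that are unexpired AND shared with the requester.
  retrieve(requesterOrigin, wanted, now = Date.now()) {
    const reader = hostOf(requesterOrigin);
    const out = {};
    for (const name of wanted) {
      const key = name.toLowerCase();
      const rec = this.store.get(key);
      if (!rec) continue;
      if (rec.expire <= now) { this.store.delete(key); continue; }
      // "*" or an exact host match only: no suffix or substring matching,
      // so partner.example.evil.test never passes as partner.example.
      if (rec.extend.includes("*") || rec.extend.includes(reader)) {
        out[key] = { token: rec.token, expire: rec.expire };
      }
    }
    return out;
  }
}

// Constructed scenario: one provider, wildcard vs. partner allowlist.
function demo(extendList, readerOrigin, now = Date.now()) {
  const reg = new TokenRegistry();
  const day = 60 * 60 * 24 * 1000; // same 24-hour lifetime as the snippet above
  reg.extend("https://idp.example", { token: "1", expire: now + day, extend: extendList });
  return Object.keys(reg.retrieve(readerOrigin, ["idp.example"], now));
}
```

With `["*"]`, every site the user visits can learn that a session exists at the provider; with an allowlist, only the named partner hosts can.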
Cool.. will hack it soon .. :-)
Panggi Libersa
OpenId, Oauth, XAuth?! Can someone explain it all to me?!
@Schultzter,
OpenID is for Authentication
OAuth is for Authorization to access data
XAuth is a personalized registry of apps
I will post detailed comments for each of these.
Hey Chris,
Thanks for a great writeup!
Small correction on performance and scalability: since all the xauth tokens are stored locally in the user's browser, *no* http requests are required to determine which services are currently active.
Many will surely include the JavaScript from xauth.org, but extending and retrieving services uses a simple postMessage protocol and can be accessed without the xauth.org JavaScript library.
Isn't xauth.org a centralized service? Haven't you fought the last few years against centralized services? Chris it feels you quite never step back and criticize anymore.
I would be interested if you had also shown how one can be made aware they are using XAuth and how they can turn it off, aside from having to go to the xauth.org website and disable it (what does it even mean?)
Also, what a terrible terrible name that doesn't tell you what it's all about.
On the other hand, half the services I'm a member of is because of the NASCAR line-up on a site I visit!
@Marcus Westin: I suppose you're right — but there's still at least one HTTP request to fetch the JavaScript at some point so I think I'll leave it as is. My point was really to try to provide contrast between this approach and the one where you have to ping EVERY service to check if there's an active session!
@Lawouach: xauth.org is a centralized service, you're absolutely right. And I had my [strong] reservations about this kind of service when I first heard about it. But the reality is this: while this functionality and set of preferences should belong on the client-side (as many of us are aware and have argued) that has *not* happened. The work to make that happen is of course ongoing, but it makes no sense to sit idly by while single-provider solutions overtake the marketplace.
I think that over time XAuth will prove to be a useful stopgap demonstration of a solution to a problem we've long been aware of but until now, had not marshaled the collective will to meaningfully address.
In fact, XAuth is so promising because the goal is that any provider should be able to register itself on your behalf, meaning that if you want to use your own custom sharing service or identity provider, you should be able to — and then share that information — proactively — with the sites and services you visit.
XAuth does more to leverage the playing field than I think you might realize at first glance.
Wow! This is very cool I think, since the request and response are purely client-side. Thank you for sharing.
Ok great, how do us non-programming types use it?
@Duderino, I don't see it being very feasible for non-programmer types to be able to implement this very well... sure you can plop the js on your site, but it's likely the user will want to use your app as well, or login with credentials from another network, or post to both accounts (like facebook and twitter) at the same time or something.
Thanks for the project... Meebo?
Anyway, Hahaha. Friends think I'm crazy (when I was trying to tell them) of "they (not you) are sort of literally using DIV ID elements as a messaging gateway ... 'to blah blah blah central rpc server!'
Anyway, pretty nice.... Although there is room for better. Ask me!
like ... 347-556-1945
So XAuth+OpenId+OAuth is the answer to Facebook's challenge? Where does OpenID Connect fit in?
Can we do something to the monopoly!