Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Support openid stateless mode #35

Closed
deliminator opened this Issue Nov 25, 2012 · 0 comments

Comments

Projects
None yet
2 participants
Contributor

deliminator commented Nov 25, 2012

As mentioned here

https://groups.google.com/forum/?fromgroups=#!topic/openid4java/TEYtDLz-bPw

We can use openid4java in stateless mode if we replace InMemoryConsumerAssociationStore and InMemoryNonceVerifier with the Jdbc* variants. This is necessary when running a stateless webapp (state is in the database), for example on Heroku.

The discovery-cache used to store the provider-info will be useless in stateless mode - the provider-info will be stored and time out after max-nonce-age.

ConsumerManager.verify() will still work with provider-info equal nil - the provider-info will be re-fetched (additional network request).

I've tested this with my own implementation for ConsumerAssociationStore and MemoryNonceVerifier (didn't want to pull in the spring dependencies) and it seems to work without problems.

@cemerick cemerick closed this in 5c3e743 Nov 26, 2012

@cemerick cemerick reopened this Nov 26, 2012

@cemerick cemerick closed this Nov 26, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment