WebIntent X OpenID Connect (En)

Author: Nov Matake

When you access an OpenID Relying Party (RP), you’ll see 5 or more OpenID Provider (OP) logos on its login page. At worst, you can see 10+ OP logos, even though more than half of them are totally unknown to you. This is called the “NASCAR Problem”.

The OpenID community has been trying to solve the problem for a long time, but without much progress.

Now it’s the era of HTML5, and browser-side functionality is improving very much. I found HTML5’s WebIntents [W3C draft spec] to be a browser-based “discovery” protocol, which can be a solution for OpenID’s NASCAR problem.

So I made an OpenID Connect Provider & Relying Party which rely on WebIntents for the discovery part.

You can try my demo by following the steps below.

  1. Access Nov OP, which has tag in its HTML tag. Your browser will automatically register this site as a service provider of “OpenID Connect Discovery”.
  2. Access Nov RP.
  3. Click the “Or Try WebIntents?” button, which initiates the WebIntents-based OpenID Connect Discovery flow.

Then you’ll see a small popup which lets you choose an OP. After you choose Nov OP, you will go back to Nov OP and see an alert popup which shows the raw OpenID Connect discovery result. Once the RP has received the response, it does the normal OpenID Connect login flow.
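In this flow the RP acts on a discovery result handed over by whichever service the user picks in the browser, so it should be checked before the login flow starts. The following is an added example, not code from the demo or its author; the field names assume OpenID Connect Discovery 1.0 provider metadata, and `validateDiscoveryResult`, `httpsUrl` and the `op.example` host are hypothetical.

```javascript
// Added example: RP-side checks on a discovery result delivered by an intent service.
// Assumption: the payload has the shape of OpenID Connect Discovery 1.0 provider
// metadata; the demo's actual payload format is not shown on the page.
const REQUIRED_ENDPOINTS = ["authorization_endpoint", "token_endpoint", "jwks_uri"];

// Parse a value as an https URL without embedded credentials; null if it is not one.
function httpsUrl(value) {
  if (typeof value !== "string") return null;
  try {
    const u = new URL(value);
    return u.protocol === "https:" && !u.username && !u.password ? u : null;
  } catch (e) {
    return null;
  }
}

// Returns { ok, errors, config }. allowedIssuers is an optional RP-side allow-list.
function validateDiscoveryResult(raw, allowedIssuers) {
  let doc = raw;
  if (typeof raw === "string") {
    try { doc = JSON.parse(raw); } catch (e) { doc = null; }
  }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    return { ok: false, errors: ["discovery result is not a JSON object"], config: null };
  }
  const errors = [];
  const issuer = httpsUrl(doc.issuer);
  if (!issuer || issuer.search || issuer.hash) {
    errors.push("issuer must be an https URL without query or fragment");
  } else if (allowedIssuers && !allowedIssuers.includes(doc.issuer)) {
    errors.push("issuer is not in the RP allow-list");
  }
  const config = { issuer: doc.issuer };
  for (const name of REQUIRED_ENDPOINTS) {
    const u = httpsUrl(doc[name]);
    // Rejecting fragments on all three endpoints is a conservative choice made here.
    if (!u || u.hash) errors.push(name + " must be an https URL without fragment");
    else config[name] = u.href;
  }
  return errors.length ? { ok: false, errors, config: null } : { ok: true, errors, config };
}

// Constructed sample inputs (op.example is a placeholder host).
const good = { issuer: "https://op.example", authorization_endpoint: "https://op.example/authorize",
  token_endpoint: "https://op.example/token", jwks_uri: "https://op.example/jwks.json" };
const bad = Object.assign({}, good, { authorization_endpoint: undefined,
  token_endpoint: "http://op.example/token" });
console.log(validateDiscoveryResult(good).ok, validateDiscoveryResult(bad).errors);
```

Only the returned `config` should feed the subsequent login flow; a result with `ok: false` is discarded rather than partially used.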

One of my friends, Ryo, made his sample OP “WebIntent-able”, so once you access Ryo’s OP, you can see 2 OPs in the popup window of intent candidates.

For some reason, this demo works only on Safari (probably because of an issue in webintents.org’s JS shim?).