What is an OpenID Extension?

OpenID Extension is defined in the section 12 of the OpenID Authentication 2.0 as:

An Extension to OpenID Authentication is a protocol that “piggybacks” on the authentication request and response. Extensions are useful for providing extra information about an authentication request or response as well as providing extra information about the subject of the authentication response.

OK. My question: Does it entirely have to depend on authenticaiton request and response, or can it partially depend on it?

By definition, I think it is the later, because, the subsequent paragraph goes:

OpenID extensions are identified by a Type URI. The Type URI MAY be used as the value of an element of an OpenID element in an XRDS document associated with a Claimed Identifier. The Type URI is also used to associate key-value pairs in messages with the extension.

Clearly, this is not authentication request (section 9) and response (section 10), but Discovery (seciont 7.3). Thus, if it were to be entirely on request and response, the spec contradicts itself.

Therefore, it has to mean that an extension is a protocol that has to utilize request and response.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.