I'm using DotNetOpenAuth to log in as part of my login process. It works great for handling authentication but the process of retrieving user information from various openId providers is not working very well.
Using MyOpenId I do get full information that I request using a ClaimsRequest with DotNetOpenAuth. It apparently uses the SREG protocol to request and retrieve this content. This works great with MyOpenId, but doesn't do anything for Google or Yahoo and other providers that do not support this protocol (yet?).
Is there a way to retrieve cross provider user information using DotNetOpenAuth (or some other mechanism other than RPX (not looking for another man in the middle :-}) )?
Best Answer
I recommend that you look at the actual exchanges that happen. I.e. when your service redirects the user to the provider, find out what parameters are sent, and then, when the user comes back, also find out what parameters are transmitted.
In OpenID 2, there are two ways to request user information: Attribute Exchange (AX), and Simple Registration (SREG). Not sure what SIG is. Whether or not providers implement these protocols, and what information they provide, is their choice (at first, and then hopefully also the user's choice).
I found that Google supports AX, and provides always the email address, and sometimes the user's first and last name. In my experience, Yahoo doesn't provide anything but the claimed ID. As a consequence, I don't accept Yahoo as a provider, see http://pypi.python.org/pypi?:action=openid