RP's may wish to know about teams in Launchpad.
The primary form of communication between the RP and Launchpad is an OpenID authentication request. Our solution is to piggyback a team membership test onto this interaction.
As part of an OpenID authentication request, the RP includes the following fields:
- An OpenID 2.0 namespace URI for the extension. It is not strictly required for 1.1 requests, but including it is good for forward compatibility. It must be set to:
- A comma separated list of Launchpad team names that the RP is interested in.
As part of the positive assertion OpenID response, the following field will be provided:
- (as above)
- A comma separated list of teams that the user is actually a member of. The list may be limited to those teams mentioned in the request. This field must be included in the response signature in order to be considered valid (as the response is bounced through the user's web browser, an unsigned value could be modified).
For RPs that Launchpad trusts, team membership information will be transferred automatically. For 3rd party RPs, Launchpad will tell the user what team information will be disclosed if they agree to authenticate.