Search code examples
javaopenidseam

Get email address from OpenId using Jboss/Seam

I'm using the org.jboss.seam.security.openid.OpenId class to login user's to my seam webapp. Currently I'm saving the validatedId (openid.getValidatedId()) into the database, and asking the user to provide their own email address and first and last name after logging in. I'm using Google, Yahoo, AOL, and MyOpenID for the openId Providers.

Is there any way to retrieve the email address and or first/last name of the user without having them enter this in manually?

Solution

  • I had a quick glance at the OpenId class in Seam 2.2.0.GA and it already contains some tentative code for retrieving the user email address.

    The code already ask for an email address when the user logs in.

    protected String authRequest(String userSuppliedString, String returnToUrl)
    throws IOException
{
    ...
   // Attribute Exchange example: fetching the 'email' attribute
   FetchRequest fetch = FetchRequest.createFetchRequest();
   fetch.addAttribute("email",
                      "http://schema.openid.net/contact/email",   // type URI
                      true);                                      // required

    And there's commented code for extracting that email from the response.

    public String verifyResponse(HttpServletRequest httpReq)
{
          ...
//        AuthSuccess authSuccess =
//            (AuthSuccess) verification.getAuthResponse();

//        if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
//            FetchResponse fetchResp = (FetchResponse) authSuccess
//                .getExtension(AxMessage.OPENID_NS_AX);
//                    
//            List emails = fetchResp.getAttributeValues("email");
//            String email = (String) emails.get(0);
//        }

    In any case you can probably use that code as a starting point.

    Edit:

    I managed to write a small demo based on the Seam OpenID sample. I unfortunately had to copy/paste the code from the Seam OpenId component since the existing bits of attribute-exchange code were incomplete and there's no obvious way to extend it.

    I don't know if copy/pasting LGPL code is acceptable in your project. In any case Seam's OpenID component is only a thin wrapper around the openid4java library and could be rewritten easily.

    Google, Yahoo, AOL, and MyOpenID

    I attempted to fetch the email address and personal name of users signing-in from the four providers you mentioned. Here are the result of my little experiment.

    From Google I obtain:

    • Gmail email address
    • First name
    • Last name

    From AOL:

    • Email (default to AOL email but the user can type-in another)

    From Yahoo:

    • Yahoo email address
    • Full Name (all in one string)

    From myOpenID:

    • Email (if the user has filed one in his profile)
    • Full name (if the user has filed one in his profile)

    I had to include both the http://schema.openid.net/contact/email and http://axschema.org namspaces in the request to get a response from all the providers.