Clickpass developers - Latest Comments

Re: How OpenID works

Lovefilm Free Trial — Sun, 11 Nov 2012 19:14:13 -0000

So what is the way forward then ?

Re: How OpenID works

petenixey — Wed, 30 Nov 2011 12:16:13 -0000

Since being acquired Clickpass is no longer under development.

Re: Pseudo code

Abudabi-31 — Tue, 26 Oct 2010 16:19:18 -0000

1 gogo nanier pabo dan sa likisormala
bez zot liki aret fer ban site pilon
ban kakaliki

Re: Get registration info

petenixey — Mon, 25 Oct 2010 14:07:04 -0000

Since Clickpass is no longer under active development, we have closed down the ability to add new sites for the moment. If anything changes it will get posted to the company blog.

Re: Get registration info

GPRX — Sat, 23 Oct 2010 12:40:18 -0000

where do I get the site_key from?

Re: Install OpenID

petenixey — Wed, 19 May 2010 15:01:29 -0000

Hi Helpin,

You can only use Clickpass as a login mechanism if you have access to the site's back-end code. If you're just a user you would need the site itself to install Clickpass.

Re: Install OpenID

helpin — Sun, 16 May 2010 09:11:25 -0000

can i use clickpass.com's open id autentication for any sites ?I mean can I set it up to my tumblr sites or any other third party depended sites?

Re: Installing Clickpass

petenixey — Tue, 13 Apr 2010 19:35:09 -0000

Hi Ashwin, we have not tried it on there but I believe it does, yes.

Re: Installing Clickpass

Ashwin — Tue, 13 Apr 2010 04:39:57 -0000

Does this service work on Google App Engine?

Re: Pseudo code

petenixey — Thu, 18 Feb 2010 21:16:27 -0000

Hi Patrick,

You will find lots of examples and additional tutorials on our tutorials page: http://www.clickpass.com/do...

Peter

Re: Pseudo code

Patrick — Thu, 18 Feb 2010 17:48:56 -0000

I need to find a resource to explain Pseudocode in depth with examples. What do you recommend?

Re: Merge accounts

Landslider — Fri, 01 Jan 2010 12:27:56 -0000

Instantly find new Web sites on Clickpass.

Re: Flow chart & checklist

Landslider — Fri, 01 Jan 2010 11:10:20 -0000

I am adding the documents being posted on my blog just by using Clickpass every day so my blog comments can be shared by many friends and other consumers and businessmen everywhere.

Re: Installing Clickpass

Aaron Zinman — Tue, 22 Dec 2009 20:02:40 -0000

Just tried signing up now, and 6 months later it still asked. I denied and went through Facebook instead. No permissions needed.

Re: How OpenID works

petenixey — Thu, 03 Dec 2009 17:57:50 -0000

Hi Bhauman,

When we built this feature Google didn't offer straight authentication. We
therefore had to authenticate by asking for authorisation to access one of
their services.

Since then we have not updated the code however we do not access any of your
GMail information and we will not access any of your information - it just
seemed to be the most appropriate service to authenticate through.

Kind regards,
Peter Nixey

2009/12/1 Disqus <>

Re: How OpenID works

bhauman — Wed, 02 Dec 2009 00:59:20 -0000

So I go to you homepage and try out logging in with my google account. And this is what I see http://skitch.com/bhauman/n... It appears as if you are asking for access to my contacts. Is that really the case? I haven't taken the time to look at the google api docs to see if this is required. But my gut feeling is that this is not the case.

You aren't grabbing contacts for spamming purposes are you? I really hope your not doing that either. So what is up?

Re: Receive new signups

Ruben Fonseca — Fri, 02 Oct 2009 19:05:29 -0000

Hi Peter! That answers my question very clearly :) Thank you for your help!

Re: Receive new signups

petenixey — Fri, 02 Oct 2009 15:14:32 -0000

Hi Ruben, thanks for the explanation, I understand now and I think I can answer your concern.

The flow above assumes that you've already authenticated the OpenID before allowing for account creation to occur.

From the notes:
"The user will have already successfully authenticated their OpenID URL and the results of that authentication should have been saved in your session by the time they arrive at registration."

In order to prevent an OpenID hijacking you should store the result of the authentication and reference it before executing the creation step. That way even if someone tries to sign up as you they can't unless they've first authenticated.

Hope that answers the question :)
Peter

Re: Receive new signups

Ruben Fonseca — Fri, 02 Oct 2009 15:02:22 -0000

Hi Peter! Thank you for your quick reply!

Imagine I find the clickpass_openid URL of a friend of mine (ok, maybe it is not easy... but...). Using this endpoint I can create a user on my website, even though my friend never registered or authorized the access to the website.

Or maybe I am missing something... :/

Re: Receive new signups

petenixey — Fri, 02 Oct 2009 14:56:22 -0000

Hi Ruben,

That is always going to be the case with any signup API, you don't actually need to verify that it is Clickpass.

Please correct me if I'm not answering the right question but as best as I can understand I don't believe this is an issue (or at least not one that any website faces since account-creation APIs are open almost by definition).

Peter

Re: Receive new signups

Ruben Fonseca — Fri, 02 Oct 2009 14:50:34 -0000

How can I validate a call to the openid_reg call? Anyone can post to the endpoint with a clickpass_openid and create an account on my website. I can't find a way of validating if the call is from clickpass and is valid.

Re: Log users in

petenixey — Tue, 22 Sep 2009 13:02:41 -0000

Yang that's great. Thanks for the link and for the article - we just blogged it over on the the company blog: http://blog.clickpass.com/2...

Re: Log users in

Guest — Thu, 17 Sep 2009 05:38:04 -0000

Here is my write up on Clickpass and Rails. Please let me know if you see any errors. http://tinyurl.com/nnzkm5

Re: Log users in

Guest — Thu, 17 Sep 2009 02:42:28 -0000

That might be a deal breaker.... Facebook feed is quite dear to my site, and having both FB connect and clickpass buttons (because FB user can use either) will confuse some users... :( I'd like to make a formal request. If it's a FB user, you could pass fb user id along with openid url so that other FB-related functions could be provided.

Cheers,

Re: Log users in

petenixey — Wed, 16 Sep 2009 21:31:59 -0000

No problem and thank you that would be great. We don't currently offer anything other than the Clickpass OpenID on the other side at the moment though.