PayPal OpenID Implementation details

Follow up to the previous entry for PayPal OpenID provider:

Main Links

OpenID Endpoint https://www.paypal.com/webapps/auth/server
OpenID Identifier https://www.paypal.com/webapps/auth/server
This should return the XRDS that can be used to discover the end point)
Docs Link https://www.x.com/community/ppx/xspaces/identity
Submit RP for whitelisting https://www.x.com/create-appvetting-app!input.jsp


Simple Registration (
http://openid.net/sreg/1.0)

Prefix http://openid.net/sreg/1.0
openid.sreg.required email,fullname,dob,postcode,country,language,
timezone

 

Attribute Exchange (http://openid.net/srv/ax/1.0)
Generic Attributes

first name http://axschema.org/namePerson/first
last name http://axschema.org/namePerson/last
email http://axschema.org/contact/email
full name http://schema.openid.net/contact/fullname
dob http://axschema.org/birthDate
postcode http://axschema.org/contact/postalCode/home
country
http://axschema.org/contact/country/home
language
http://axschema.org/pref/language
timezone
http://axschema.org/pref/timezone
street1
http://schema.openid.net/contact/street1
street2
http://schema.openid.net/contact/street2
city
http://axschema.org/contact/city/home
state
http://axschema.org/contact/state/home
phone http://axschema.org/contact/phone/default


PayPal Specific Attributes

Verified Account https://www.paypal.com/webapps/auth/schema/verifiedAccount
Payer ID https://www.paypal.com/webapps/auth/schema/payerID

PAPE (http://specs.openid.net/extensions/pape/1.0)

preferred_auth_policies  

 

 

http://schemas.openid.net/pape/policies/2007/06/phishing-resistant 

http://schemas.openid.net/pape/policies/2007/06/multi-factor

http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical

max_auth_age [ integer value greater than or equal to zero in seconds]
preferred_auth_level_types papeauthlevel1 papeauthlevel2
auth_level.ns.papeauthlevel1 http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
auth_level.ns.papeauthlevel2 http://www.jisa.or.jp/spec/auth_level.html

PayPal OpenID Provider

More than an year or so ago, PayPal announced its participation in Open Identity for Open Government initiative. We worked closely with Janrain in helping us standup a beta OpenID provider at PayPal-IdS.com that links with our proprietary Authentication service. At Innovate last year (in partnership with Janrain and Gigya), we showcased a few sites that were enabled to accept PayPal as an IdP. The beta OpenID provider gave us a chance to work closely with our partners and consumers and get a better understanding of requirements around setting up a commercial identity provider.
I’m happy to share that we now have an OpenID provider that’s hosted on PayPal infrastructure and completely integrated with PayPal.com. The new functionality will allow consumers to login to a PayPal approved OpenID relying party using their existing PayPal account.

Here is a list of specifications that are supported:

Here is a list of standard attributes that are available for sharing

  • first name
  • last name
  • email
  • full name
  • dob
  • postcode
  • country
  • language
  • timezone
  • street1
  • street2
  • city
  • state
  • phone

In addition, users can also share the following PayPal specific attributes

  • PayerID – PayPal specific unique identifier for users
  • Verified Account – Indicator if the user has a financial instrument attached to the account.

If you are a relying party and interested in accepting PayPal OpenID, you can signup at X.com.

Image | WordPress Themes