Summarizing Where We Are
Martin Atkins
mart at degeneration.co.uk
Fri Oct 6 17:03:42 UTC 2006
Dick Hardt wrote:
> On 5-Oct-06, at 4:41 PM, Josh Hoyt wrote:
>
>> On 10/5/06, Dick Hardt <dick at sxip.com> wrote:
>>> I think you missed my message arguing why it was important and that
>>> being part of the return_to URL made it hard for the functionality to
>>> be contained in the library
>> I'm not sure I buy this reasoning, since our OpenID 1 libraries add a
>> nonce to the return_to URL (which is not hard, since the library needs
>> to add stuff to the return_to URL anyway)
>
> curious as to why the RP library needs to add stuff to the return_to
> URL? Does it need to for a OpenID 2.0 call?
>
One example that springs to mind is that the original Perl OpenID
library would, in the delegation case, put the user-supplied identifier
in a return_to argument so that it could use that identifier when
authentication succeeded.
More information about the specs
mailing list