Problem with check_authentication
Johnny Bufu
johnny at sxip.com
Fri Apr 13 17:09:41 UTC 2007
On 13-Apr-07, at 8:53 AM, Kevin Richards wrote:
> In the spec it shows an example of the 'signed' fields returned from a
> check_id_* request as "mode,identity,return_to". However if you try
> and do a
I had a quick look at the spec and didn't this example. Can you
please point to it?
Currently the spec requires claimed_id, identity, op_endpoint,
return_to, response_nonce, assoc_handle to be signed.
> check_authentication it will always fail because the mode will
> always be
> check_authentication not.
Yes, including the mode in the signed list will break the direct
verification (unless the OP compensates for it).
Johnny
More information about the specs
mailing list