Directed Identity and the '#' symbol
Andrew Arnott
andrewarnott at gmail.com
Sun Apr 26 14:13:35 UTC 2009
Shade,
The openid-test page is pretty old, from what I heard from Janrain a few
months ago. Can you verify whether this behavior holds true on their recent
demo RPs such as
http://openidenabled.com/ruby-openid/trunk/examples/consumer ?
If so, please file a bug with them. The relevant section of the spec is
OpenID 2.0 section 7.2 bullet 3.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire
On Sat, Apr 25, 2009 at 9:44 PM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:
> I believe the spec says that if the user were to enter a fragment, the RP
>> should trim it off before sending the auth request to the OP.
>>
>
> I tried it here:
> http://openidenabled.com/resources/openid-test/diagnose-server/
> The output began with
> Checking http://shadowsinthegarden.com/#generation...
> Fetching http://shadowsinthegarden.com/#generation
>
> I just checked Pibb, too; it recognized me. I ran the openidenabled.comtests again, this time checking Apache's access.log and comparing to what
> Pibb sent me there with; Pibb looked for my OpenID headers at '/', but
> openidenabled.com specifically requested '/#generation':
>
> Identity authenticated as http://shadowsinthegarden.com/#generation
>
> I'm currently using the openidenabled.com library; I can work around that
> behavior for now, but will just make it a cheap kludge until I know whether
> a future version will have a better (integrated) solution.
>
> -Shade
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090426/5133cef3/attachment.htm>
More information about the specs
mailing list