[Code] How to distinguish, server-side, direct request from an indirect request?

Andrew Arnott andrewarnott at gmail.com
Mon Jun 24 16:23:52 UTC 2013 

You can tell based on the openid.mode parameter, which identifies the
message type. Since each message is specifically either a direct or an
indirect message, you can tell that way.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Mon, Jun 24, 2013 at 6:18 AM, Michał Górny <mgorny at gentoo.org> wrote:

> Hello,
>
> I'm implementing an OpenID provider server and looking throughout the
> OpenID Auth 2.0 spec, I can't find how to properly distinguish a direct
> request from an indirect one.
>
> What I'm trying to do is properly implement error responses. As far as
> I understand the spec, there are three kinds of error responses I need
> to support:
>
> * error responses to direct requests that need to be sent KV-encoded,
>
> * error responses to indirect requests that should be sent back
>   to openid.return_to as a redirect,
>
> * error responses to malformed indirect requests (esp. lacking
>   openid.return_to) that should be displayed human-readable to user.
>
> As far as I can guess, a request having openid.return_to is most likely
> an indirect request. But how to distinguish a direct request from a
> malformed indirect request?
>
> The spec is mostly putting overlapping rules on direct and indirect
> requests. It also lists the uses for particular kinds of requests but
> that doesn't seem normative, and doesn't solve malformed request
> problem.
>
> The only other heuristic I can think of is using the Accept header,
> assuming that a web browser would list any kind of HTML format there
> and OpenID client wouldn't.
>
> Could any of you help me? I've tried on stackoverflow.com already [1]
> and didn't get a single answer. Feel free to answer there if you'd like
> to get the kudos.
>
> [1]:
> http://stackoverflow.com/questions/17217502/how-to-distinguish-server-side-direct-request-from-an-indirect-request-in-open
>
> --
> Best regards,
> Michał Górny
>
> _______________________________________________
> Code mailing list
> Code at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-code
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-code/attachments/20130624/bab01a91/attachment.html>

More information about the Code mailing list