[OpenID] Are all implementations created the same?

Martin Foster martin at ethereal-realms.org
Sun Apr 8 17:37:56 UTC 2007


So my question is, are all implementations created the same?  Is 
livejournal.com a good place to start to see if your consumer is working 
according to plan, or is there something more definitive to test against?

Please read on if you want more details as to why I am asking:

   Instead of going with a large number of Perl modules that support 
OpenID 1.x in various ways, I decided to consolidate them all into one 
file.  That way key generation (p, g, pub, priv), key extraction, btwoc 
and so forth is handled from one module.

   When I tested the consumer portion, I authenticated against 
Livejournal and have been successful in getting both encrypted and 
non-encrypted mac keys from that site.  Authentication works flawlessly 
and there are no real problems that have cropped up on the consumer side 
since that worked.

   Since then I have enabled the server portion and run it through:
http://www.openidenabled.com/resources/openid-test/diagnose-server/

   Every test passes; however, it never resorts to using encryption.  At 
first I assumed it was related to the software suite not working with 
the encryption; however, I noticed that my client and server do not work 
well with one another.

   In fact they cannot pass on an encrypted key without issues.   I've 
been going through the code, comparing it to known working elements such 
as Net::OpenID::Server.   My code is almost exactly identical to what 
Net::OpenID::Server is using and it's still not getting the same mac_key 
as the consumer does once going down the line.

I'd be interested in making this all-in-one module available (once I 
attribute all the sources).  Is there anyone that might be interested in 
giving the code a second pair of eyes?   See where I am going wrong?

	Martin Foster
	Creator/Designer Ethereal Realms
	martin at ethereal-realms.org
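
The OpenID 1.1 DH-SHA1 association exchange discussed in this message, as an added example in Python that is not part of the original post and is not the poster's Perl module. It shows one way a consumer and server can end up with different mac_keys (the shared secret hashed without btwoc's sign byte) and is not a diagnosis of the poster's code; the modulus is a constructed toy value rather than the OpenID default, and all function names are hypothetical.

```python
import base64, hashlib

# Constructed toy parameters (assumption): NOT the OpenID default modulus.
P = 2**64 - 59   # small prime, for illustration only
G = 2

def unsigned_bytes(n):
    """Minimal big-endian bytes with no sign byte (the encoding that breaks interop)."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def btwoc(n):
    """Big-endian two's complement of n >= 0: prepend 0x00 when the top bit is set."""
    raw = unsigned_bytes(n)
    return b"\x00" + raw if raw[0] & 0x80 else raw

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _b64_to_int(text):
    return int.from_bytes(base64.b64decode(text), "big")

def consumer_public(consumer_private):
    """Value the consumer sends as openid.dh_consumer_public."""
    return base64.b64encode(btwoc(pow(G, consumer_private, P))).decode()

def server_associate(dh_consumer_public, mac_key, server_private, encode=btwoc):
    """Server side: hide the 20-byte mac_key under SHA1(encode(shared secret))."""
    shared = pow(_b64_to_int(dh_consumer_public), server_private, P)
    mask = hashlib.sha1(encode(shared)).digest()
    return {
        "dh_server_public": base64.b64encode(btwoc(pow(G, server_private, P))).decode(),
        "enc_mac_key": base64.b64encode(_xor(mask, mac_key)).decode(),
    }

def consumer_extract(response, consumer_private, encode=btwoc):
    """Consumer side: recompute the shared secret and unmask enc_mac_key."""
    shared = pow(_b64_to_int(response["dh_server_public"]), consumer_private, P)
    mask = hashlib.sha1(encode(shared)).digest()
    return _xor(mask, base64.b64decode(response["enc_mac_key"]))
```

Passing `encode=unsigned_bytes` on only one side reproduces a mismatch that appears only when the shared secret's top bit is set, so roughly half of all associations still succeed.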


