[OpenID] Are all implementations created the same?
Guido Sohne
guido at sohne.net
Sun Apr 8 22:30:31 UTC 2007
One thing to also check is that you are URL encoding the components of
the URL you are building or returning properly, but that you are NOT
url encoding these when generating your signature.
Another thing to look at would be how you are packing the secret you
are returning it before you xor with the shared secret. The secret has
to be the same bit representation as what the consumer uses, and that
same bit representation has to be used by the bignum you are probably
using to hold the shared secret. In other words, it depends on a
bitwise xor, not a numeric xor ...
Hope this helps.
-- G.
More information about the general
mailing list