[OpenID] Yahoo issue
Hans Granqvist
hans at granqvist.com
Mon Feb 4 16:11:16 UTC 2008
Interestingly, the spec does not mandate implementation of
any algorithm. Should it? (For comparison, TLS mandates
algorithms for spec compliance: RFC 4346 section 9.)
Also: should there be a way to extend the set of OpenID
associations and authentication algorithms? (TLS has a
mechanism for adding new algorithms, see for example
RFC 2712)
Hans
On 2/3/08, Allen Tom <atom at yahoo-inc.com> wrote:
>
> Hi Shane,
>
> The Yahoo OP does not support HMAC-SHA256 nor DH-SHA256, and thanks for
> pointing out that our error response is not correct. We'll fix this soon.
>
> Thanks
> Allen
>
>
> Shane B Weeden wrote:
>
> In case anyone from Yahoo is on the list, I have encountered a problem with
> the associate method implementation.
>
> If an associate request is sent with the HMAC-SHA256 association type and
> DH-SHA256 session type, the Yahoo OP (at
> https://open.login.yahooapis.com/openid/op/auth) is
> returning the following response:
>
> ns:http://specs.openid.net/auth/2.0
> mode:error
> error:assoc_type not supported
> error_code:unsupported-type
> session_type:HMAC-SHA1
> assoc_type:no-encryption
>
>
> I think you'll find the values for the assoc_type and session_type should
> be swapped.
>
> ________________________________
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
More information about the general
mailing list