[OpenID] Normalizing claimed identifier (remove the #?)
Martin Atkins
mart at degeneration.co.uk
Mon Mar 17 22:11:36 UTC 2008
Markus Lanthaler wrote:
> Hey all,
>
> I just tested the new Yahoo OpenIDs. It seems that they are appending to all
> their some ID, e.g. https://me.yahoo.com/markus.lanthaler gets
> https://me.yahoo.com/markus.lanthaler#a5b3f. The problem I have is that I
> don't know for what reason that fragment is appended and if I should strip
> it before saving the URL (as it is stated in the spec:
> http://openid.net/specs/openid-authentication-2_0.html#normalization).
>
> That fragment is never shown to the user so it's difficult for an
> administrator to set the OpenIDs for all the users if they cannot tell him
> their full URL.
> Any ideas why they do it that way? Any suggestions how I should handle them?
>
Hi Markus,
I encountered the same confusion when I was working to implement OpenID
2.0 in the Net::OpenID::Consumer library for Perl. I think perhaps the
section of the specification that describes this is not clear enough, as
it is not immediately obvious from a read of the spec in which
situations the URL should be used with fragment and in which it should not.
My understanding was that:
* When verifying delegation or directed identity assertions, you need
to use the stripped version.
* When storing the identifier as a key for a user, the full unstripped
identifier must be used.
More information about the general
mailing list