[OpenID] clarification on openid.signed contents / duplicates
Bill Shupp
hostmaster at shupp.org
Mon Jul 27 19:59:06 UTC 2009
Can openid.signed have duplicate entries? I found this to be the case
with an OP recently, and the library I'm using (php via PEAR) did not
allow for this, so the signature checking would fail. However, the
JanRain php library does allow for this.
Section 4.1 of OpenID 2.0 specifies that Protocol Messages "MUST NOT
contain multiple parameters with the same name.". However, this is
just KV form of the openid.signed items. Is this still considered a
protocol message, and therefor not allow duplicates? It's not clear
to me, so I thought I'd ping the list for clarification before leaving
in the workaround I added to support this case.
Thanks,
Bill Shupp
More information about the general
mailing list