[OpenID] Interoperability problem with OpenID POST response between myopenid and Google

Mon Jun 22 00:40:17 UTC 2009

Hi ZSolt,
The OpenID general mailing list probably isn't the optimal place to report
interoperability problems.  You're welcome to use
dotnetopenid at googlegroups.com for this and similar problems involving DNOA
in the future.

I just checked out the base64 encoding.  The base64 encoding itself seems to
be correct:
byte[] buffer = Convert.FromBase64String(yourBase64String);
string s = Encoding.UTF8.GetString(buffer);
// s at this point contains SztupÃ¡k (that's a capital A with the tilde over
it and an upside-down exclamation mark)

I suspect in your test you may not have been using UTF8.GetString when you
saw the incorrect characters.  However, those foreign characters very well
may be causing the signature problem.  The spec tells how this signature
should be created, but perhaps myopenid and DNOA implements it differently.
 I'll keep sniffing and send another reply *just to the
dotnetopenid at googlegroups.com* mailing list so as to keep the interop noise
down on the openid general mailing list.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre

2009/6/21 "Sztupák Sz. Zsolt" <mail at sztupy.hu>

>  Hi!
>
> Just created an RP using DotNetOpenAuth mono2 branch (but running on
> MS.NET3.5), and I've got the "Login failed: *Message* *signature* *was* *
> incorrect*." error message. I think I've tracked back the problems to
> non-ASCII characters in the response string (my name contains hungarian
> accented characters -> FAIL, if I remove them, then SUCCESS)
>
> I both request sreg (nick,email,fullname) and AX
> (nick,first,last,fullname,email) data from myopenid (if I only request srge
> and/or ax then it works fine, but then it uses GET imho)
>
> Here is the log:
>     assoc_handle: {HMAC-SHA256}{4a3eae39}{WG9ITQ==}
>     ax.count.alias1: 0
>     ax.count.alias2: 0
>     ax.count.alias3: 0
>     ax.count.alias4: 0
>     ax.count.alias5: 0
>     ax.mode: fetch_response
>     ax.type.alias1: http://axschema.org/contact/email
>     ax.type.alias2: http://axschema.org/namePerson/friendly
>     ax.type.alias3: http://axschema.org/namePerson
>     ax.type.alias4: http://axschema.org/namePerson/first
>     ax.type.alias5: http://axschema.org/namePerson/last
>     claimed_id: http://sztupy2k.myopenid.com/
>     identity: http://sztupy2k.myopenid.com/
>     mode: id_res
>     ns: http://specs.openid.net/auth/2.0
>     ns.ax: http://openid.net/srv/ax/1.0
>     ns.sreg: http://openid.net/extensions/sreg/1.1
>     op_endpoint: http://www.myopenid.com/server
>     response_nonce: 2009-06-21T22:03:51ZstfXvT
>     return_to:
> http://localhost:63995/OpenId/Authenticate?dnoi.userSuppliedIdentifier=http%3a%2f%2fsztupy2k.myopenid.com%2f&dnoi.return_to_sig_handle=%7b633812185973476562%7d%7bMLzXHg%3d%3d%7d&dnoi.return_to_sig=ANbgn54bDTG%2f9cigv0DIsV5LFBRuQTnoG45sqCY5Yv59HYh8gpluby8szbfqSileJ7Nlk5PfmW0DgF1%2fxpAXYw%3d%3d
>     signed:
> assoc_handle,ax.count.alias1,ax.count.alias2,ax.count.alias3,ax.count.alias4,ax.count.alias5,ax.mode,ax.type.alias1,ax.type.alias2,ax.type.alias3,ax.type.alias4,ax.type.alias5,claimed_id,identity,mode,ns,ns.ax,ns.sreg,op_endpoint,response_nonce,return_to,signed,sreg.email,sreg.fullname,sreg.nickname
>     sreg.email: mail at sztupy.hu
>     sreg.fullname: Zsolt Sz. SztupA!k
>     sreg.nickname: SztupY
>
> Base64 representation of signed data:
> YXNzb2NfaGFuZGxlOntITUFDLVNIQTI1Nn17NGEzZWFlMzl9e1dHOUlUUT09fQpheC5jb3VudC5hbGlhczE6MApheC5jb3VudC5hbGlhczI6MApheC5jb3VudC5hbGlhczM6MApheC5jb3VudC5hbGlhczQ6MApheC5jb3VudC5hbGlhczU6MApheC5tb2RlOmZldGNoX3Jlc3BvbnNlCmF4LnR5cGUuYWxpYXMxOmh0dHA6Ly9heHNjaGVtYS5vcmcvY29udGFjdC9lbWFpbApheC50eXBlLmFsaWFzMjpodHRwOi8vYXhzY2hlbWEub3JnL25hbWVQZXJzb24vZnJpZW5kbHkKYXgudHlwZS5hbGlhczM6aHR0cDovL2F4c2NoZW1hLm9yZy9uYW1lUGVyc29uCmF4LnR5cGUuYWxpYXM0Omh0dHA6Ly9heHNjaGVtYS5vcmcvbmFtZVBlcnNvbi9maXJzdApheC50eXBlLmFsaWFzNTpodHRwOi8vYXhzY2hlbWEub3JnL25hbWVQZXJzb24vbGFzdApjbGFpbWVkX2lkOmh0dHA6Ly9zenR1cHkyay5teW9wZW5pZC5jb20vCmlkZW50aXR5Omh0dHA6Ly9zenR1cHkyay5teW9wZW5pZC5jb20vCm1vZGU6aWRfcmVzCm5zOmh0dHA6Ly9zcGVjcy5vcGVuaWQubmV0L2F1dGgvMi4wCm5zLmF4Omh0dHA6Ly9vcGVuaWQubmV0L3Nydi9heC8xLjAKbnMuc3JlZzpodHRwOi8vb3BlbmlkLm5ldC9leHRlbnNpb25zL3NyZWcvMS4xCm9wX2VuZHBvaW50Omh0dHA6Ly93d3cubXlvcGVuaWQuY29tL3NlcnZlcgpyZXNwb25zZV9ub25jZToyMDA5LTA2LTIxVDIyOjAzOjUxWnN0Zlh2VApyZXR1cm5fdG86aHR0cDovL2xvY2FsaG9zdDo2Mzk5NS9Pc
> GVuSWQvQXV0aGVudGljYXRlP2Rub2kudXNlclN1cHBsaWVkSWRlbnRpZmllcj1odHRwJTNhJTJmJTJmc3p0dXB5MmsubXlvcGVuaWQuY29tJTJmJmRub2kucmV0dXJuX3RvX3NpZ19oYW5kbGU9JTdiNjMzODEyMTg1OTczNDc2NTYyJTdkJTdiTUx6WEhnJTNkJTNkJTdkJmRub2kucmV0dXJuX3RvX3NpZz1BTmJnbjU0YkRURyUyZjljaWd2MERJc1Y1TEZCUnVRVG5vRzQ1c3FDWTVZdjU5SFloOGdwbHVieThzemJmcVNpbGVKN05sazVQZm1XMERnRjElMmZ4cEFYWXclM2QlM2QKc2lnbmVkOmFzc29jX2hhbmRsZSxheC5jb3VudC5hbGlhczEsYXguY291bnQuYWxpYXMyLGF4LmNvdW50LmFsaWFzMyxheC5jb3VudC5hbGlhczQsYXguY291bnQuYWxpYXM1LGF4Lm1vZGUsYXgudHlwZS5hbGlhczEsYXgudHlwZS5hbGlhczIsYXgudHlwZS5hbGlhczMsYXgudHlwZS5hbGlhczQsYXgudHlwZS5hbGlhczUsY2xhaW1lZF9pZCxpZGVudGl0eSxtb2RlLG5zLG5zLmF4LG5zLnNyZWcsb3BfZW5kcG9pbnQscmVzcG9uc2Vfbm9uY2UscmV0dXJuX3RvLHNpZ25lZCxzcmVnLmVtYWlsLHNyZWcuZnVsbG5hbWUsc3JlZy5uaWNrbmFtZQpzcmVnLmVtYWlsOm1haWxAc3p0dXB5Lmh1CnNyZWcuZnVsbG5hbWU6WnNvbHQgU3ouIFN6dHVww4PCoWsKc3JlZy5uaWNrbmFtZTpTenR1cFkK
> Signature: 5OvxE4wy/3hhqM3eZlU4gNdP51kxWjCEalbgLh/pZeU=
>
> decoding the Base64 representation shows, that my sreg.fullname is
> corrupted (sreg.fullname:Zsolt Sz. SztupĂƒÂˇk instead of Zsolt Sz.
> SztupA!k) in the signed data. If I change my fullname at myopenid to not
> contain accented characters then everything is fine.
>
>  SztupY (Zsolt Sz. Sztupák)
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090621/642822ff/attachment.htm>