[OpenID] Interoperability problem with OpenID POST response between myopenid and Google
André Cruz
andre.cruz at co.sapo.pt
Sat May 23 12:49:09 UTC 2009
Hello.
I've detected a problem regarding openid responses that are sent via
POST (when they exceed the 2047 byte limit on URLs).
For example, create a myopenid account and a persona with a very large
full name and nickname so as to force openid responses (those that
request these attributes) to go via POST.
myopenid -> blogger FAIL
myopenid -> plaxo FAIL
myopenid -> sourceforge FAIL
Claimid is even worse. It does not convert the response to a POST and
so the URL is cropped.
I then build a custom OP based on janrain python lib (I think myopenid
is based on this) and a custom SP based on openid4java. Although they
talked to one another correctly using POST responses my OP still
failed against blogger, plaxo and sourceforge and my SP didn't accept
myopenid POST responses throwing an invalid signature...
Who's got the correct implementation? :)
Best regards,
André Cruz
More information about the general
mailing list