[OpenID] Openidsamplestore
Paul E. Jones
paulej at packetizer.com
Sun Feb 20 20:14:02 UTC 2011
Like Johannes, I just tried using my own email address. It would not work,
but I saw something interesting in the logs. After I entered my email
address (paulej at packetizer.com), immediately, Google's servers issued
several queries to www.packetizer.com (not packetizer.com, mind you: those
are logged separately):
66.249.85.1 - - [20/Feb/2011:15:01:35 -0500] "HEAD / HTTP/1.1" 200 - "-" "-"
66.249.85.3 - - [20/Feb/2011:15:01:35 -0500] "GET / HTTP/1.1" 301 314 "-"
"-"
66.249.85.1 - - [20/Feb/2011:15:01:36 -0500] "GET / HTTP/1.1" 200 10281 "-"
"-"
66.249.85.3 - - [20/Feb/2011:15:01:36 -0500] "GET / HTTP/1.1" 301 314 "-"
"-"
66.249.85.3 - - [20/Feb/2011:15:01:36 -0500] "HEAD / HTTP/1.1" 301 - "-" "-"
66.249.85.1 - - [20/Feb/2011:15:01:36 -0500] "HEAD / HTTP/1.1" 200 - "-" "-"
66.249.85.3 - - [20/Feb/2011:15:01:36 -0500] "GET / HTTP/1.1" 301 314 "-"
"-"
66.249.85.1 - - [20/Feb/2011:15:01:36 -0500] "GET / HTTP/1.1" 200 10281 "-"
"-"
66.249.85.3 - - [20/Feb/2011:15:01:36 -0500] "GET / HTTP/1.1" 301 314 "-"
"-"
Why? And what information was being sought? If the desire was to determine
my OP, then why would it not query the packetizer.com/.well-known/host-meta
file?
Paul
From: openid-general-bounces at lists.openid.net
[mailto:openid-general-bounces at lists.openid.net] On Behalf Of Johannes Ernst
Sent: Sunday, January 23, 2011 6:55 PM
To: Chris Messina
Cc: openid-general at lists.openid.net
Subject: Re: [OpenID] Openidsamplestore
... now I'm logged into two Google accounts at the same time, using the
otherwise very cool Google multiple account feature.
Going back to openidsamplestore.com, I am trying to log in using the "other"
(non-primary) account. But I seem not to be able to do that: the user
component of the e-mail address is discarded, as we just figured out, and I
can't choose the non-primary account in the OpenID confirmation dialog.
Work left to be done? ;-)
On Jan 23, 2011, at 14:07, Chris Messina wrote:
To the best of my knowledge, yes - the logic ignores whatever precedes the
domain and relies solely on what the IDP returns (or else jernst at gmail.com
(your real account) could login as chris.messina at gmail.com by typing that in
the box and associating whatever identifier the IDP returns with what you
typed in the box).
In other words, what you type is only used as a suggestion as to who your
IDP is - it's up to your IDP to assert the identity of the current/active
user.
Chris
On Sun, Jan 23, 2011 at 1:08 PM, Johannes Ernst <jernst+openid.net
<http://openid.net/> @netmesh.us <http://netmesh.us/> > wrote:
Playing around with Google's OpenIdSampleStore.com:
I "sign up" with foo at gmail.com.
The popup comes up asking me to confirm the login into openidsamplestore.com
<http://openidsamplestore.com/> for my account johannes.ernst at gmail.com
(I'm currently logged into Google).
Does it simply ignore user "foo" that I entered in favor of my current
Google session? Why would it do that? Simply a bug or something I don't
quite understand?
The openidsamplestore at googlegroups.com mailing list seems dead, so I'm
posting this here.
Cheers,
Johannes.
_______________________________________________
general mailing list
general at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general
--
Chris Messina
Open Web Advocate, Google
Website: http://chrismessina.me <http://chrismessina.me/>
Blog: http://chrismessina.me/b
Follow my updates: http://twitter.com/chrismessina
This email is: [ ] shareable [X] ask first [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20110220/0f159b4b/attachment.html>
More information about the general
mailing list