George,<div><br></div><div>I haven't heard back from you. I have multiple RP sites contacting me saying that interop with AOL broke recently due to this change on the AOL Provider side. Can you give me an idea of what you think of this report and when you think a fix can be brought online?</div>
<div><br></div><div>Thanks.</div><div><br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Wed, Dec 31, 2008 at 5:23 PM, David Recordon <span dir="ltr">&lt;<a href="mailto:drecordon@sixapart.com">drecordon@sixapart.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word">Hey Andrew,<div>George Fletcher is a great contact there and is normally on the list as well.</div><div><br></div><div>--David</div><div><br><div><div><div></div><div class="Wj3C7c"><div>
On Dec 31, 2008, at 5:02 PM, Andrew Arnott wrote:</div><br></div></div><blockquote type="cite"><div><div></div><div class="Wj3C7c">Is there anyone on this list who works for or with AOL OpenID folks? I have (below) a description of an interop issue with the AOL OpenID Provider that may be a bug they should look at.<br>
<br>Thanks.<br><br clear="all">--<br> Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br> <br><br><div class="gmail_quote">---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">Andrew Arnott</b> <span dir="ltr">&lt;<a href="mailto:andrewarnott@gmail.com" target="_blank">andrewarnott@gmail.com</a>&gt;</span><br> Date: Wed, Dec 31, 2008 at 5:50 PM<br>Subject: Re: [dotnetopenid] problems with AOL today?<br>
To: <a href="mailto:dotnetopenid@googlegroups.com" target="_blank">dotnetopenid@googlegroups.com</a><br><br><br>Thanks for reporting this, Joel. This is a bug in AOL's encoding/decoding of the return_to URL, as I detail below. I'll forward this on to the AOL OpenID folks (as soon as I can figure out who they are) and suggest they fix this bug pronto!<br>
<br>As can be seen in the below log, DotNetOpenId is sending AOL a return_to URL with a twice-URL-encoded + sign as the value for the token parameter, as appropriate. That is, the plus sign is an actual character in the (base 64 encoded) value, which must be URL encoded because it is a URL parameter. Then since the return_to URI is itself a URL parameter, it is encoded again. <br>
<br>But when the auth message comes back from AOL (and only AOL has this issue, reportedly starting 12/31/08) the + sign character in the return_to URL has been decoded by AOL rather than being preserved as DotNetOpenId had written it. As a result, the + sign is misinterpreted as a URL encoding of the space character, causing the base64 decoding operation to fail.<br>
<br><b>Analysis: AOL is decoding the return_to parameter, and not properly re-encoding it before sending it back to the RP.</b><br><pre><span><font size="2"><span style="font-family:tahoma,sans-serif">2008-12-31 17:19:17,737 [5] DEBUG DotNetOpenId - Sending indirect message:</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        openid.mode: checkid_setup</span><br style="font-family:tahoma,sans-serif"><span style="font-family:tahoma,sans-serif">        openid.identity: <a href="http://openid.aol.com/webmyway" target="_blank">http://openid.aol.com/webmyway</a></span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        openid.trust_root: <a href="http://nerdbank.org/RP/" target="_blank">http://nerdbank.org/RP/</a></span><br style="font-family:tahoma,sans-serif"><span style="font-family:tahoma,sans-serif">        openid.return_to: <a href="http://nerdbank.org/RP/login.aspx?ReturnUrl=%2frp%2fMembersOnly%2fDefault.aspx&token=ATjrrFUCgj1z1e2dmRTszTnE" target="_blank">http://nerdbank.org/RP/login.aspx?ReturnUrl=%2frp%2fMembersOnly%2fDefault.aspx&token=ATjrrFUCgj1z1e2dmRTszTnE</a></span><span style="color:rgb(255, 0, 0);font-family:tahoma,sans-serif">4tB<b>%2b</b>iV9nz</span><span style="font-family:tahoma,sans-serif">Te78Df6GxGeaHR0cDovL29wZW5pZC5hb2wuY29tL3dlYm15d2F5DQpodHRwOi8vb3BlbmlkLmFvbC5jb20vd2VibXl3YXkNCg0KaHR0cHM6Ly9hcGkuc2NyZWVubmFtZS5hb2wuY29tL2F1dGgvb3BlbmlkU2VydmVyDQoxLjENCjIwMDktMDEtMDFUMDA6MTk6MTdaZHdCL3t8THkNCg%3d%3d&OpenIdTextBox_UsePersistentCookie=False</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        openid.assoc_handle: diAyLjAgayAwIFoxQWlqdWw1Mmh3bXZUUHBtRVF2NG1NeDdaYz0%3D-j5HRXRB1VbPyg48jGKE1Q%2FHHWVWwVNZus2FUJWWCXqED%2BIkTINCC3xA7WOU0AmejttQ%2F2yXC%2Bi4%3D</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        openid.ns.sreg: <a href="http://openid.net/extensions/sreg/1.1" target="_blank">http://openid.net/extensions/sreg/1.1</a></span><br style="font-family:tahoma,sans-serif"><span style="font-family:tahoma,sans-serif">        openid.sreg.policy_url: <a href="http://nerdbank.org/RP/PrivacyPolicy.aspx" target="_blank">http://nerdbank.org/RP/PrivacyPolicy.aspx</a></span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        openid.sreg.required: gender,postcode,timezone</span><br style="font-family:tahoma,sans-serif"><span style="font-family:tahoma,sans-serif">        openid.sreg.optional: email,country</span><br style="font-family:tahoma,sans-serif">
<br style="font-family:tahoma,sans-serif"><span style="font-family:tahoma,sans-serif">2008-12-31 17:19:17,737 [5] DEBUG DotNetOpenId - Redirecting to <a href="https://api.screenname.aol.com/auth/openidServer?openid.mode=checkid_setup&openid.identity=http%3a%2f%2fopenid.aol.com%2fwebmyway&openid.trust_root=http%3a%2f%2fnerdbank.org%2fRP%2f&openid.return_to=http%3a%2f%2fnerdbank.org%2fRP%2flogin.aspx%3fReturnUrl%3d%252frp%252fMembersOnly%252fDefault.aspx%26token%3dATjrrFUCgj1z1e2dmRTszTnE" target="_blank">https://api.screenname.aol.com/auth/openidServer?openid.mode=checkid_setup&openid.identity=http%3a%2f%2fopenid.aol.com%2fwebmyway&openid.trust_root=http%3a%2f%2fnerdbank.org%2fRP%2f&openid.return_to=http%3a%2f%2fnerdbank.org%2fRP%2flogin.aspx%3fReturnUrl%3d%252frp%252fMembersOnly%252fDefault.aspx%26token%3dATjrrFUCgj1z1e2dmRTszTnE</a><span style="color:rgb(255, 0, 0)">4tB<b>%252b</b>iV9nz</span>Te78Df6GxGeaHR0cDovL29wZW5pZC5hb2wuY29tL3dlYm15d2F5DQpodHRwOi8vb3BlbmlkLmFvbC5jb20vd2VibXl3YXkNCg0KaHR0cHM6Ly9hcGkuc2NyZWVubmFtZS5hb2wuY29tL2F1dGgvb3BlbmlkU2VydmVyDQoxLjENCjIwMDktMDEtMDFUMDA6MTk6MTdaZHdCL3t8THkNCg%253d%253d%26OpenIdTextBox_UsePersistentCookie%3dFalse&openid.assoc_handle=diAyLjAgayAwIFoxQWlqdWw1Mmh3bXZUUHBtRVF2NG1NeDdaYz0%253D-j5HRXRB1VbPyg48jGKE1Q%252FHHWVWwVNZus2FUJWWCXqED%252BIkTINCC3xA7WOU0AmejttQ%252F2yXC%252Bi4%253D&openid.ns.sreg=http%3a%2f%2fopenid.net%2fextensions%2fsreg%2f1.1&openid.sreg.policy_url=http%3a%2f%2fnerdbank.org%2fRP%2fPrivacyPolicy.aspx&openid.sreg.required=gender%2cpostcode%2ctimezone&openid.sreg.optional=email%2ccountry</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">2008-12-31 17:20:18,726 [1] DEBUG DotNetOpenId - OpenID authentication response received:</span><br style="font-family:tahoma,sans-serif"><span style="font-family:tahoma,sans-serif">        ReturnUrl: /rp/MembersOnly/Default.aspx</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        token: ATjrrFUCgj1z1e2dmRTszTnE<span style="color:rgb(255, 0, 0)">4tB iV9nz</span>Te78Df6GxGeaHR0cDovL29wZW5pZC5hb2wuY29tL3dlYm15d2F5DQpodHRwOi8vb3BlbmlkLmFvbC5jb20vd2VibXl3YXkNCg0KaHR0cHM6Ly9hcGkuc2NyZWVubmFtZS5hb2wuY29tL2F1dGgvb3BlbmlkU2VydmVyDQoxLjENCjIwMDktMDEtMDFUMDA6MTk6MTdaZHdCL3t8THkNCg==</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        OpenIdTextBox_UsePersistentCookie: False</span><br style="font-family:tahoma,sans-serif"><span style="font-family:tahoma,sans-serif">        openid.mode: id_res</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        openid.identity: <a href="http://openid.aol.com/webmyway" target="_blank">http://openid.aol.com/webmyway</a></span><br style="font-family:tahoma,sans-serif"><span style="font-family:tahoma,sans-serif">        openid.assoc_handle: diAyLjAgayAwIHZrR3dmb3hFMy80VEZRMERlRFpkZ0RRUW03ST0%3D-j5HRXRB1VbPyg48jGKE1Q9dV%2Bsl5xZlMb7I9GJL9ohbwmRH%2BaEF%2BZhAJOAIsXk5%2BTdfzZoedphY%3D</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        openid.return_to: <a href="http://nerdbank.org/RP/login.aspx?ReturnUrl=/rp/MembersOnly/Default.aspx&token=ATjrrFUCgj1z1e2dmRTszTnE" target="_blank">http://nerdbank.org/RP/login.aspx?ReturnUrl=/rp/MembersOnly/Default.aspx&token=ATjrrFUCgj1z1e2dmRTszTnE</a><span style="color:rgb(255, 0, 0)">4tB<b>+</b>iV9nz</span>Te78Df6GxGeaHR0cDovL29wZW5pZC5hb2wuY29tL3dlYm15d2F5DQpodHRwOi8vb3BlbmlkLmFvbC5jb20vd2VibXl3YXkNCg0KaHR0cHM6Ly9hcGkuc2NyZWVubmFtZS5hb2wuY29tL2F1dGgvb3BlbmlkU2VydmVyDQoxLjENCjIwMDktMDEtMDFUMDA6MTk6MTdaZHdCL3t8THkNCg==&OpenIdTextBox_UsePersistentCookie=False</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        openid.signed: identity,return_to</span><br style="font-family:tahoma,sans-serif"><span style="font-family:tahoma,sans-serif">        openid.sig: UkJ8PtkMcJNTDaw094KRGYZkQgs=</span><br style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">        openid.invalidate_handle: diAyLjAgayAwIFoxQWlqdWw1Mmh3bXZUUHBtRVF2NG1NeDdaYz0=-j5HRXRB1VbPyg48jGKE1Q/HHWVWwVNZus2FUJWWCXqED+IkTINCC3xA7WOU0AmejttQ/2yXC+i4=</span><br style="font-family:tahoma,sans-serif">
</font></span><br clear="all"></pre>--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<div><div></div><div><br> <br><br><div class="gmail_quote">
On Wed, Dec 31, 2008 at 1:11 PM, Joel Nylund <span dir="ltr">&lt;<a href="mailto:jnylund@yahoo.com" target="_blank">jnylund@yahoo.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex">
<br> Hey, anyone else having issues with AOL OpenID, as of today on my site I can't use AOL to log in or sign up, there is a problem with the token they are sending over, haven't had a chance to debug yet, just wondering if anyone else has seen?<br>
<br> When I try using Andrew's site I see the same problem:<br> <br> Server Error in '/RP' Application.<br> Invalid length for a Base-64 char array.<br> Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.<br>
<br> Exception Details: System.FormatException: Invalid length for a Base-64 char array.<br> <br> Source Error:<br> <br> An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.<br>
<br> Stack Trace:<br> <br> [FormatException: Invalid length for a Base-64 char array.]<br> System.Convert.FromBase64String(String s) +0<br> DotNetOpenId.RelyingParty.Token.Deserialize(String token, INonceStore store) in Token.cs:82<br>
DotNetOpenId.RelyingParty.AuthenticationResponse.Parse(IDictionary`2 query, OpenIdRelyingParty relyingParty, Uri requestUrl, Boolean verifySignature) in AuthenticationResponse.cs:222<br> DotNetOpenId.RelyingParty.OpenIdRelyingParty.get_Response() in OpenIdRelyingParty.cs:294<br>
DotNetOpenId.RelyingParty.OpenIdTextBox.OnLoad(EventArgs e) in OpenIdTextBox.cs:639<br> System.Web.UI.Control.LoadRecursive() +47<br> System.Web.UI.Control.LoadRecursive() +131<br> System.Web.UI.Control.LoadRecursive() +131<br>
System.Web.UI.Control.LoadRecursive() +131<br> System.Web.UI.Control.LoadRecursive() +131<br> System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1436<br>
<br> <br> <br> thanks<br><font color="#888888"> Joel<br> <br> <br> </font></blockquote></div><br> </div></div></div><br></div></div>
</blockquote></div><br></div></div></blockquote></div><br></div>
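<div>The two encoding layers described in the forwarded message, and the effect of an OP that decodes return_to once too often, as an added example that is not part of the original thread or of DotNetOpenId. The hosts rp.example and op.example, the token bytes and the function names are constructed for illustration, and the buggy branch is only a model of the reported behaviour.</div>

```python
import base64
import binascii
from urllib.parse import parse_qs, unquote, urlencode, urlsplit

# Constructed token: the first three bytes encode to "++++", so the
# base64 text is guaranteed to contain '+' characters.
TOKEN_BYTES = b"\xfb\xef\xbe" + b"rp-state"
TOKEN = base64.b64encode(TOKEN_BYTES).decode()


def build_return_to(token):
    # First encoding: the token is a query parameter of return_to ('+' -> %2B).
    return "http://rp.example/login.aspx?" + urlencode({"token": token})


def build_op_request(return_to):
    # Second encoding: return_to is itself a query parameter ('%2B' -> %252B).
    params = {"openid.mode": "checkid_setup", "openid.return_to": return_to}
    return "https://op.example/auth?" + urlencode(params)


def op_redirect(request_url, buggy):
    # Parsing the request removes exactly one layer of encoding.
    return_to = parse_qs(urlsplit(request_url).query)["openid.return_to"][0]
    if buggy:
        # Model of the reported fault: a second decode with no re-encode,
        # which turns %2B into a literal '+' inside the redirect target.
        return_to = unquote(return_to)
    echoed = urlencode({"openid.mode": "id_res", "openid.return_to": return_to})
    return return_to + "&" + echoed


def rp_read_token(response_url):
    # The RP's web stack decodes the query once; a literal '+' becomes a space.
    token = parse_qs(urlsplit(response_url).query)["token"][0]
    try:
        return base64.b64decode(token, validate=True)
    except binascii.Error:
        return None  # the analogue of the FormatException in the stack trace


if __name__ == "__main__":
    request = build_op_request(build_return_to(TOKEN))
    for buggy in (False, True):
        print("buggy OP:", buggy, "->", rp_read_token(op_redirect(request, buggy)))
```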