[Openid-specs-ab] User input normalization and parsing

Justin Richer jricher at mitre.org
Fri Jun 28 13:53:43 UTC 2013 

On further inspection, the instructions as written in 2.1.1/2.1.2 don't 
actually allow for the acct: URI scheme. The acct: scheme is a 
non-heirarchical URI, which means it doesn't include the "//" component, 
and the text currently states:

    a URI either in the form of scheme "://" authority path-abempty [
    "?" query ] [ "#" fragment ] or authority path-abempty [ "?" query ]
    [ "#" fragment ] per RFC 3986
    <http://openid.net/specs/openid-connect-discovery-1_0.html#RFC3986>
    [RFC3986].


I think this needs an errata published as the intent was more like:


    a URI in the form of scheme "://" authority path-abempty [ "?" query
    ] [ "#" fragment ], authority path-abempty [ "?" query ] [ "#"
    fragment ], *or scheme ":" userinfo "@" host* per RFC 3986
    <http://openid.net/specs/openid-connect-discovery-1_0.html#RFC3986>
    [RFC3986].


I'll add an issue with this text shortly.

  -- Justin

On 06/27/2013 02:21 PM, Justin Richer wrote:
> I've been working on the webfinger handler for our client software, 
> and I am having a terrible time trying to get the actual parsing rules 
> straight and provide consistent output with the example input values. 
> Specifically, when using the Regex in Appendix B of RFC3986 (and 
> several derivatives such as that used by Spring's 
> UriComponentsBuilder), the "path" component seems to eat things that 
> it shouldn't. For instance, with the input "joe at example.com", I get 
> the entire string put into the "path" component and everything else 
> null. Similar thing happens with the 
> "acct:juliet%40capulet.example at shoppingsite.example.com" example, with 
> the "acct" being parsed as the scheme and everything else getting 
> dumped into the path.
>
> How is everyone else parsing user input? Are you able to follow all of 
> the input parsing and normalization rules described in the discovery 
> document? And if you're working in Java, can you point me at your code 
> or the library that you're using to do it? (Note that Java's built-in 
> URI parser falls over for other reasons.)
>
>  -- Justin
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130628/7b166c88/attachment.html>

More information about the Openid-specs-ab mailing list