[Openid-specs-ab] User input normalization and parsing

nov matake nov at matake.jp
Sat Jun 29 08:41:48 UTC 2013


Hi,

I realized OpenID Connect defined its original user input normalization rule and requires clients to perform the operation.

In my rubygem, I just get the webfinger endpoint from the user input.
I use the original user input as the "resource" parameter as is.
(e.g., if the input was "example.com", I access "https://example.com/.well-known/webfinger?resource=example.com&rel=…")

Isn't it enough?
Why does Connect require clients to normalize user input for the "resource" parameter?

On 2013/06/28, at 3:21, Justin Richer <jricher at mitre.org> wrote:

> I've been working on the webfinger handler for our client software, and I am having a terrible time trying to get the actual parsing rules straight and provide consistent output with the example input values. Specifically, when using the Regex in Appendix B of RFC3986 (and several derivatives such as that used by Spring's UriComponentsBuilder), the "path" component seems to eat things that it shouldn't. For instance, with the input "joe@example.com", I get the entire string put into the "path" component and everything else null. Similar thing happens with the "acct:juliet%40capulet.example@shoppingsite.example.com" example, with the "acct" being parsed as the scheme and everything else getting dumped into the path.
> 
> How is everyone else parsing user input? Are you able to follow all of the input parsing and normalization rules described in the discovery document? And if you're working in Java, can you point me at your code or the library that you're using to do it? (Note that Java's built-in URI parser falls over for other reasons.)
> 
> -- Justin
> 
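
The inputs discussed in this thread, run through scheme-less identifier normalization, as an added example (not code from the rubygem, from the client software mentioned in the quoted message, or from the specification). It assumes the rules of OpenID Connect Discovery 1.0 section 2.1 as read here; `KNOWN_SCHEMES`, `normalize_identifier` and `host_of` are hypothetical names, and counting only allow-listed schemes or `name://` as explicit is a choice made here, because `example.com:8080` also fits the RFC 3986 scheme grammar.

```ruby
# Added example. Rule set: a reading of OpenID Connect Discovery 1.0, section 2.1.
KNOWN_SCHEMES = %w[https http acct mailto tel device].freeze # assumption: allow-list

# Host (with port) that the client would contact for a normalized resource.
def host_of(resource)
  body = resource.sub(%r{\A[A-Za-z][A-Za-z0-9+.-]*:(//)?}, '')
  authority = body[%r{\A[^/?]*}]
  authority.rpartition('@').last # last "@" separates userinfo from host
end

# Returns [resource, host]: the "resource" value to send and the server to ask.
def normalize_identifier(input)
  id = input.strip.sub(/#.*\z/m, '') # the fragment is never part of the resource
  scheme = id[/\A([A-Za-z][A-Za-z0-9+.-]*):/, 1]
  # "example.com:8080" matches the scheme grammar too, so a bare "name:" is
  # only trusted as a scheme when allow-listed or followed by "//".
  explicit = scheme &&
             (KNOWN_SCHEMES.include?(scheme.downcase) || id.start_with?("#{scheme}://"))
  unless explicit
    authority = id[%r{\A[^/?]*}]
    rest = id[authority.length..] # path and query, if any
    userinfo, at, hostport = authority.rpartition('@')
    has_port = hostport.match?(/:\d*\z/)
    id = if !at.empty? && !userinfo.empty? && rest.empty? && !has_port
           "acct:#{id}"    # user@host with nothing else: acct scheme assumed
         else
           "https://#{id}" # every other scheme-less input: https assumed
         end
  end
  [id, host_of(id)]
end

if __FILE__ == $PROGRAM_NAME
  # First three inputs appear in the thread; the last two are constructed here.
  ['example.com',
   'joe@example.com',
   'acct:juliet%40capulet.example@shoppingsite.example.com',
   'example.com:8080',
   'https://example.com/joe#profile'].each do |input|
    resource, host = normalize_identifier(input)
    puts format('%-58s resource=%-58s host=%s', input, resource, host)
  end
end
```

With these rules the raw input and the normalized value differ for `example.com` and `joe@example.com`, so a client that sends the raw string queries a different `resource` than one that normalizes first.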



