Directed Identity and the '#' symbol
Andrew Arnott
andrewarnott at gmail.com
Sun Apr 26 07:13:35 PDT 2009
--001e680f172cd402a1046875d6e7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Shade,
The openid-test page is pretty old, from what I heard from Janrain a few
months ago. Can you verify whether this behavior holds true on their recent
demo RPs such as
http://openidenabled.com/ruby-openid/trunk/examples/consumer ?
If so, please file a bug with them. The relevant section of the spec is
OpenID 2.0 section 7.2 bullet 3.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire
On Sat, Apr 25, 2009 at 9:44 PM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:
> I believe the spec says that if the user were to enter a fragment, the RP
>> should trim it off before sending the auth request to the OP.
>>
>
> I tried it here:
> http://openidenabled.com/resources/openid-test/diagnose-server/
> The output began with
> Checking http://shadowsinthegarden.com/#generation...
> Fetching http://shadowsinthegarden.com/#generation
>
> I just checked Pibb, too; it recognized me. I ran the openidenabled.comtests again, this time checking Apache's access.log and comparing to what
> Pibb sent me there with; Pibb looked for my OpenID headers at '/', but
> openidenabled.com specifically requested '/#generation':
>
> Identity authenticated as http://shadowsinthegarden.com/#generation
>
> I'm currently using the openidenabled.com library; I can work around that
> behavior for now, but will just make it a cheap kludge until I know whether
> a future version will have a better (integrated) solution.
>
> -Shade
>
--001e680f172cd402a1046875d6e7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Shade,<div><br></div><div>The openid-test page is pretty old, from what I h=
eard from Janrain a few months ago. =A0Can you verify whether this behavior=
holds true on their recent demo RPs such as=A0<a href=3D"http://openidenab=
led.com/ruby-openid/trunk/examples/consumer">http://openidenabled.com/ruby-=
openid/trunk/examples/consumer</a>=A0?</div>
<div><br></div><div>If so, please file a bug with them. =A0The relevant sec=
tion of the spec is OpenID 2.0 section 7.2 bullet 3.</div><div>--<br>Andrew=
Arnott<br>"I [may] not agree with what you have to say, but I'll =
defend to the death your right to say it." - Voltaire<br>
<br><br><div class=3D"gmail_quote">On Sat, Apr 25, 2009 at 9:44 PM, SitG Ad=
min <span dir=3D"ltr"><<a href=3D"mailto:sysadmin at shadowsinthegarden.com=
">sysadmin at shadowsinthegarden.com</a>></span> wrote:<br><blockquote clas=
s=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pad=
ding-left:1ex;">
<div class=3D"im"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .=
8ex;border-left:1px #ccc solid;padding-left:1ex">
I believe the spec says that if the user were to enter a fragment, the RP s=
hould trim it off before sending the auth request to the OP.<br>
</blockquote>
<br></div>
I tried it here:<br>
<a href=3D"http://openidenabled.com/resources/openid-test/diagnose-server/"=
target=3D"_blank">http://openidenabled.com/resources/openid-test/diagnose-=
server/</a><br>
The output began with<br>
Checking <a href=3D"http://shadowsinthegarden.com/#generation." target=3D"_=
blank">http://shadowsinthegarden.com/#generation.</a>..<br>
Fetching <a href=3D"http://shadowsinthegarden.com/#generation" target=3D"_b=
lank">http://shadowsinthegarden.com/#generation</a><br>
<br>
I just checked Pibb, too; it recognized me. I ran the <a href=3D"http://ope=
nidenabled.com" target=3D"_blank">openidenabled.com</a> tests again, this t=
ime checking Apache's access.log and comparing to what Pibb sent me the=
re with; Pibb looked for my OpenID headers at '/', but <a href=3D"h=
ttp://openidenabled.com" target=3D"_blank">openidenabled.com</a> specifical=
ly requested '/#generation':<br>
<br>
Identity authenticated as <a href=3D"http://shadowsinthegarden.com/#generat=
ion" target=3D"_blank">http://shadowsinthegarden.com/#generation</a><br>
<br>
I'm currently using the <a href=3D"http://openidenabled.com" target=3D"=
_blank">openidenabled.com</a> library; I can work around that behavior for =
now, but will just make it a cheap kludge until I know whether a future ver=
sion will have a better (integrated) solution.<br>
<br>
-Shade<br>
</blockquote></div><br></div>
--001e680f172cd402a1046875d6e7--
More information about the specs
mailing list