OpenID Authentication 2.0 spec clarification - does assoc_type have default value
Paul E. Jones
paulej at packetizer.com
Sat Jun 25 04:30:03 UTC 2011
VZ,
In my implementation, I default to HMAC_SHA1 if it's 1.1, but I select no
default if its 2.0:
http://www.packetizer.com/security/openid/
I suspect that was my interpretation of the spec when I wrote the code.
If the dh_* parameters are missing, I assume the defaults specified in the
spec.
Paul
> -----Original Message-----
> From: openid-specs-bounces at lists.openid.net [mailto:openid-specs-
> bounces at lists.openid.net] On Behalf Of Vlastimil Zíma
> Sent: Monday, June 06, 2011 11:30 AM
> To: openid-specs at lists.openid.net
> Subject: OpenID Authentication 2.0 spec clarification - does assoc_type
> have default value
>
> Hello,
>
> in OpenID specs 2.0 all request parameter are required unless opposite
> is said. Does it includes "openid.assoc_type" in association requests?
> It had default in specs 1.1, but it does not have one now.
>
> What is proper response to request without assoc_type?
>
> Parameters "openid.dh_modulus" and "openid.dh_gen" are not marked as
> optional as well, but they have default values mentioned in
> specification.
>
> Can someone clarify this, please?
>
> VZ
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
More information about the specs
mailing list