Shade,<div><br></div><div>The openid-test page is pretty old, from what I heard from Janrain a few months ago. Can you verify whether this behavior holds true on their recent demo RPs such as <a href="http://openidenabled.com/ruby-openid/trunk/examples/consumer">http://openidenabled.com/ruby-openid/trunk/examples/consumer</a> ?</div>
<div><br></div><div>If so, please file a bug with them. The relevant section of the spec is OpenID 2.0 section 7.2 bullet 3.</div><div>--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Sat, Apr 25, 2009 at 9:44 PM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I believe the spec says that if the user were to enter a fragment, the RP should trim it off before sending the auth request to the OP.<br>
</blockquote>
<br></div>
I tried it here:<br>
<a href="http://openidenabled.com/resources/openid-test/diagnose-server/" target="_blank">http://openidenabled.com/resources/openid-test/diagnose-server/</a><br>
The output began with<br>
Checking <a href="http://shadowsinthegarden.com/#generation." target="_blank">http://shadowsinthegarden.com/#generation.</a>..<br>
Fetching <a href="http://shadowsinthegarden.com/#generation" target="_blank">http://shadowsinthegarden.com/#generation</a><br>
<br>
I just checked Pibb, too; it recognized me. I ran the <a href="http://openidenabled.com" target="_blank">openidenabled.com</a> tests again, this time checking Apache's access.log and comparing to what Pibb sent me there with; Pibb looked for my OpenID headers at '/', but <a href="http://openidenabled.com" target="_blank">openidenabled.com</a> specifically requested '/#generation':<br>
<br>
Identity authenticated as <a href="http://shadowsinthegarden.com/#generation" target="_blank">http://shadowsinthegarden.com/#generation</a><br>
<br>
I'm currently using the <a href="http://openidenabled.com" target="_blank">openidenabled.com</a> library; I can work around that behavior for now, but will just make it a cheap kludge until I know whether a future version will have a better (integrated) solution.<br>
<br>
-Shade<br>
</blockquote></div><br></div>