Trying to login on stackoverlow raise the error:

Unable to log in with your OpenID provider:
The following required non-empty parameters were empty in the DotNetOpenAuth.OpenId.Messages.PositiveAssertionResponse message: openid.assoc_handle

Comments

JED3’s picture

I too am experiencing the same issue, any word on how to work around this bug?

Removing the openid.assoc_handle variable from the response, nor setting the variable to a non-null value, passes the verification step of any site using the dotnetopenauth library that SO is using.

damienmckenna’s picture

Some details on what should be provided: http://openid.net/specs/openid-authentication-1_1.html#anchor17

openid.assoc_handle
Value: Opaque association handle being used to find the HMAC key for the signature.

damienmckenna’s picture

Oh wait, that's for the old spec.

Here's the 2.0 spec: http://openid.net/specs/openid-authentication-2_0.html#positive_assertions

openid.assoc_handle
Value: The handle for the association that was used to sign this assertion.

damienmckenna’s picture

Here's an example request as parsed by _openid_response() for the stackexchange request:

array (
  'q' => 'openid/provider',
  'openid.claimed_id' => 'http://www.example.com/user/1/identity',
  'openid.identity' => 'http://www.example.com/user/1/identity',
  'openid.return_to' => 'http://area51.stackexchange.com/users/authenticate/?s=[36-char-string]&dnoa.userSuppliedIdentifier=http%3A%2F%2Fwww.example.com%2Fuser%2F1%2Fidentity',
  'openid.realm' => 'http://area51.stackexchange.com/users/authenticate/',
  'openid.mode' => 'checkid_setup',
  'openid.ns' => 'http://specs.openid.net/auth/2.0',
  'openid.ns.alias3' => 'http://openid.net/srv/ax/1.0',
  'openid.alias3.if_available' => 'alias1,alias2,alias3,alias4',
  'openid.alias3.mode' => 'fetch_request',
  'openid.alias3.type.alias1' => 'http://schema.openid.net/namePerson',
  'openid.alias3.count.alias1' => '1',
  'openid.alias3.type.alias2' => 'http://schema.openid.net/contact/email',
  'openid.alias3.count.alias2' => '1',
  'openid.alias3.type.alias3' => 'http://axschema.org/namePerson',
  'openid.alias3.count.alias3' => '1',
  'openid.alias3.type.alias4' => 'http://axschema.org/contact/email',
  'openid.alias3.count.alias4' => '1',
)
tregeagle’s picture

FYI -here is the error I get using 6.x-1.0-beta2:
Unable to log in with your OpenID provider:
The following required non-empty parameters were empty in the DotNetOpenAuth.OpenId.Messages.PositiveAssertionResponse message: openid.assoc_handle

anarcat’s picture

I wonder if this is the same problem as the one I'm having in #1158356: can't login to ikiwiki.info (perl's Net-OpenID-Consumer?), most notably that direct verification (that do not require storage on the client side) is broken...

anarcat’s picture

Status: Active » Closed (duplicate)