Associate requests using 1.x or compatibility mode fail
Chris Johnson - November 16, 2008 - 03:42
| Project: | OpenID Provider |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
The POSTed data in this kind of request looks like this:
openid.assoc_type=HMAC-SHA1
openid.mode=associateIn a 2.x request, the request would contain these 2 additional key-value pairs:
openid.ns=http://specs.openid.net/auth/2.0
openid.session_type=no-encryptionThe lack of those 2 pairs appear to cause the provider code to return invalid responses to the RP.
#1
More specifically, if this module does not intend to support compatibility mode or the 1.x protocol (a reasonable decision), it should return sane values for requests made using compatibility mode, since the RP using it almost surely supports both 1.x and 2.x, or it would simply use the only version it supports. :-)