[web-devel] [Yesod][Auth][OpenId]

iquiw iku.iwasa at gmail.com
Mon Feb 7 04:52:12 CET 2011 

Hi,
I tracked it for my interest (studying OpenID).

As the authentication request, yesod-auth sets openid.claimed_id and
openid.identity to "https://mixi.jp".
I manually changed them to
"http://specs.openid.net/auth/2.0/identifier_select", then the
authentication process succeeded.

According to "OpenID Authentication 2.0" spec section 7.3.1, it seems
proper to use this value.
<quote>
If the end user entered an OP Identifier, there is no Claimed
Identifier. For the purposes of making OpenID Authentication requests,
the value "http://specs.openid.net/auth/2.0/identifier_select" MUST be
used as both the Claimed Identifier and the OP-Local Identifier when
an OP Identifier is entered.
</quote>

Regards,
iwasa

P.S. congrats on Yesod 0.7!

2011/1/28 Michael Snoyman <michael at snoyman.com>:
> 2011/1/26 いとうかつとし <cutsea110 at gmail.com>:
>> Hi,
>> I have a question.
>> OpenId plugin in yesod-auth 0.2.0.3 don't support OP identifier?
>> for example, i try japanese SNS mixi.jp,
>> Claimed identifier:  https://id.mixi.jp/<myid> => success and login my
>> developed site.
>> OP identifier: https://mixi.jp => fail!!
>>       I success to login to mixi, but  mixi say the error message:
>>           `Given OpenID is not yours, your OpenID is
>> http://id.mixi.jp/<myid>. confirm and try again.'
>> the mixi's developer center say mixi 's OP identifier is https://mixi.jp.
>> anyone success to login by using OP identifier?
>
> I'm not sure what would be causing that bug. OpenID logins like that
> work just fine on Google. Unfortunately, I do not have a mixi account
> (and I can't read Japanese), so I cannot debug the problem myself.
>
> Does the problem exist if you try to log in to Haskellers with https://mixi.jp?
>
> The only thing I can think of is that some OpenID providers do not
> follow the spec and require the realm to be sent. Jeremy Shaw sent me
> a patch for this, but it only made it into authenticate 0.8, which
> yesod-auth 0.2 does not use. I just backported this patch and put it
> in authenticate 0.7.2.4. Can you upgrade to that version and tell me
> if the bug persists?
>
> Thanks,
> Michael
>
> _______________________________________________
> web-devel mailing list
> web-devel at haskell.org
> http://www.haskell.org/mailman/listinfo/web-devel
>

More information about the web-devel mailing list