[web-devel] [Yesod][Auth][OpenId]

iquiw iku.iwasa at gmail.com
Mon Feb 7 04:52:12 CET 2011

I tracked it for my interest (studying OpenID).

As the authentication request, yesod-auth sets openid.claimed_id and
openid.identity to "https://mixi.jp".
I manually changed them to
"http://specs.openid.net/auth/2.0/identifier_select", then the
authentication process succeeded.

According to "OpenID Authentication 2.0" spec section 7.3.1, it seems
proper to use this value.
If the end user entered an OP Identifier, there is no Claimed
Identifier. For the purposes of making OpenID Authentication requests,
the value "http://specs.openid.net/auth/2.0/identifier_select" MUST be
used as both the Claimed Identifier and the OP-Local Identifier when
an OP Identifier is entered.


P.S. congrats on Yesod 0.7!

2011/1/28 Michael Snoyman <michael at snoyman.com>:
> 2011/1/26 いとうかつとし <cutsea110 at gmail.com>:
>> Hi,
>> I have a question.
>> OpenId plugin in yesod-auth don't support OP identifier?
>> for example, i try japanese SNS mixi.jp,
>> Claimed identifier:  https://id.mixi.jp/<myid> => success and login my
>> developed site.
>> OP identifier: https://mixi.jp => fail!!
>>       I success to login to mixi, but  mixi say the error message:
>>           `Given OpenID is not yours, your OpenID is
>> http://id.mixi.jp/<myid>. confirm and try again.'
>> the mixi's developer center say mixi 's OP identifier is https://mixi.jp.
>> anyone success to login by using OP identifier?
> I'm not sure what would be causing that bug. OpenID logins like that
> work just fine on Google. Unfortunately, I do not have a mixi account
> (and I can't read Japanese), so I cannot debug the problem myself.
> Does the problem exist if you try to log in to Haskellers with https://mixi.jp?
> The only thing I can think of is that some OpenID providers do not
> follow the spec and require the realm to be sent. Jeremy Shaw sent me
> a patch for this, but it only made it into authenticate 0.8, which
> yesod-auth 0.2 does not use. I just backported this patch and put it
> in authenticate Can you upgrade to that version and tell me
> if the bug persists?
> Thanks,
> Michael
> _______________________________________________
> web-devel mailing list
> web-devel at haskell.org
> http://www.haskell.org/mailman/listinfo/web-devel

More information about the web-devel mailing list