[web-devel] [Yesod][Auth][OpenId]

Michael Snoyman michael at snoyman.com
Mon Feb 7 05:58:15 CET 2011


Thank you, that was the piece of information I was missing. I've just
pushed a commit to Github (https://github.com/snoyberg/authenticate)
which should hopefully solve the problem. Since I don't have a mixi.jp
account myself, can someone confirm that this new version works before
I release it to Hackage?

Thanks,
Michael

2011/2/7 iquiw <iku.iwasa at gmail.com>:
> Hi,
> I tracked it for my interest (studying OpenID).
>
> As the authentication request, yesod-auth sets openid.claimed_id and
> openid.identity to "https://mixi.jp".
> I manually changed them to
> "http://specs.openid.net/auth/2.0/identifier_select", then the
> authentication process succeeded.
>
> According to "OpenID Authentication 2.0" spec section 7.3.1, it seems
> proper to use this value.
> <quote>
> If the end user entered an OP Identifier, there is no Claimed
> Identifier. For the purposes of making OpenID Authentication requests,
> the value "http://specs.openid.net/auth/2.0/identifier_select" MUST be
> used as both the Claimed Identifier and the OP-Local Identifier when
> an OP Identifier is entered.
> </quote>
>
> Regards,
> iwasa
>
> P.S. congrats on Yesod 0.7!
>
> 2011/1/28 Michael Snoyman <michael at snoyman.com>:
>> 2011/1/26 いとうかつとし <cutsea110 at gmail.com>:
>>> Hi,
>>> I have a question.
>>> OpenId plugin in yesod-auth 0.2.0.3 don't support OP identifier?
>>> for example, i try japanese SNS mixi.jp,
>>> Claimed identifier:  https://id.mixi.jp/<myid> => success and login my
>>> developed site.
>>> OP identifier: https://mixi.jp => fail!!
>>>       I success to login to mixi, but  mixi say the error message:
>>>           `Given OpenID is not yours, your OpenID is
>>> http://id.mixi.jp/<myid>. confirm and try again.'
>>> the mixi's developer center say mixi 's OP identifier is https://mixi.jp.
>>> anyone success to login by using OP identifier?
>>
>> I'm not sure what would be causing that bug. OpenID logins like that
>> work just fine on Google. Unfortunately, I do not have a mixi account
>> (and I can't read Japanese), so I cannot debug the problem myself.
>>
>> Does the problem exist if you try to log in to Haskellers with https://mixi.jp?
>>
>> The only thing I can think of is that some OpenID providers do not
>> follow the spec and require the realm to be sent. Jeremy Shaw sent me
>> a patch for this, but it only made it into authenticate 0.8, which
>> yesod-auth 0.2 does not use. I just backported this patch and put it
>> in authenticate 0.7.2.4. Can you upgrade to that version and tell me
>> if the bug persists?
>>
>> Thanks,
>> Michael
>>
>> _______________________________________________
>> web-devel mailing list
>> web-devel at haskell.org
>> http://www.haskell.org/mailman/listinfo/web-devel
>>
>



More information about the web-devel mailing list