[web-devel] [Yesod][Auth][OpenId]

iquiw iku.iwasa at gmail.com
Sat Feb 12 06:24:02 CET 2011


I confirmed that authenticate-0.8.0.1 works on mixi.jp with both OP
Identifier and Claimed Identifier.

However, I found one case where authentication doesn't work: when the OP
Identifier responds with a 301.
There is at least one such OP Provider, http://livedoor.com (which is
also a Japanese site).
They say their OP Identifier is "http://livedoor.com/", but it
redirects to "http://www.livedoor.com/".

2011/2/7 Michael Snoyman <michael at snoyman.com>:
> Thank you, that was the piece of information I was missing. I've just
> pushed a commit to Github (https://github.com/snoyberg/authenticate)
> which should hopefully solve the problem. Since I don't have a mixi.jp
> account myself, can someone confirm that this new version works before
> I release it to Hackage?
>
> Thanks,
> Michael
>
> 2011/2/7 iquiw <iku.iwasa at gmail.com>:
>> Hi,
>> I tracked it for my interest (studying OpenID).
>>
>> As the authentication request, yesod-auth sets openid.claimed_id and
>> openid.identity to "https://mixi.jp".
>> I manually changed them to
>> "http://specs.openid.net/auth/2.0/identifier_select", then the
>> authentication process succeeded.
>>
>> According to "OpenID Authentication 2.0" spec section 7.3.1, it seems
>> proper to use this value.
>> <quote>
>> If the end user entered an OP Identifier, there is no Claimed
>> Identifier. For the purposes of making OpenID Authentication requests,
>> the value "http://specs.openid.net/auth/2.0/identifier_select" MUST be
>> used as both the Claimed Identifier and the OP-Local Identifier when
>> an OP Identifier is entered.
>> </quote>
>>
>> Regards,
>> iwasa
>>
>> P.S. congrats on Yesod 0.7!
>>
>> 2011/1/28 Michael Snoyman <michael at snoyman.com>:
>>> 2011/1/26 いとうかつとし <cutsea110 at gmail.com>:
>>>> Hi,
>>>> I have a question.
>>>> Does the OpenId plugin in yesod-auth 0.2.0.3 not support OP identifiers?
>>>> For example, I tried the Japanese SNS mixi.jp:
>>>> Claimed identifier:  https://id.mixi.jp/<myid> => success, and I logged in to
>>>> the site I developed.
>>>> OP identifier: https://mixi.jp => fail!!
>>>>       I succeeded in logging in to mixi, but mixi shows the error message:
>>>>           `Given OpenID is not yours, your OpenID is
>>>> http://id.mixi.jp/<myid>. confirm and try again.'
>>>> mixi's developer center says mixi's OP identifier is https://mixi.jp.
>>>> Has anyone succeeded in logging in using an OP identifier?
>>>
>>> I'm not sure what would be causing that bug. OpenID logins like that
>>> work just fine on Google. Unfortunately, I do not have a mixi account
>>> (and I can't read Japanese), so I cannot debug the problem myself.
>>>
>>> Does the problem exist if you try to log in to Haskellers with https://mixi.jp?
>>>
>>> The only thing I can think of is that some OpenID providers do not
>>> follow the spec and require the realm to be sent. Jeremy Shaw sent me
>>> a patch for this, but it only made it into authenticate 0.8, which
>>> yesod-auth 0.2 does not use. I just backported this patch and put it
>>> in authenticate 0.7.2.4. Can you upgrade to that version and tell me
>>> if the bug persists?
>>>
>>> Thanks,
>>> Michael
>>>
>>
>
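
The two behaviours discussed in this thread (identifier_select for an OP Identifier, and an OP Identifier URL that answers with a 301), as an added example that is not part of the original messages or of the authenticate package. The hostnames, the redirect map standing in for HTTP, the XRDS documents and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"                        # XRD 2.0 XML namespace
SERVER = "http://specs.openid.net/auth/2.0/server"   # OP Identifier element
SIGNON = "http://specs.openid.net/auth/2.0/signon"   # Claimed Identifier element
SELECT = "http://specs.openid.net/auth/2.0/identifier_select"

# Constructed sample data: an OP whose identifier URL answers with a 301.
REDIRECTS = {"http://op.example/": "http://www.op.example/"}
OP_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD><Service><Type>http://specs.openid.net/auth/2.0/server</Type>
<URI>https://www.op.example/openid</URI></Service></XRD></xrds:XRDS>"""

def follow_redirects(url, redirects, limit=5):
    """Walk a {url: Location} map as an HTTP client would; return the final URL."""
    for _ in range(limit):
        if url not in redirects:
            return url
        url = redirects[url]
    raise ValueError("too many redirects")

def discover(xrds_xml):
    """Return (kind, endpoint, local_id); OP Identifier elements take precedence."""
    services = list(ET.fromstring(xrds_xml).iter(XRD + "Service"))
    for wanted, kind in ((SERVER, "op"), (SIGNON, "claimed")):
        for svc in services:
            types = [(t.text or "").strip() for t in svc.findall(XRD + "Type")]
            if wanted in types:
                local = svc.findtext(XRD + "LocalID") if kind == "claimed" else None
                return kind, (svc.findtext(XRD + "URI") or "").strip(), local
    raise ValueError("no OpenID 2.0 service in XRDS document")

def auth_request(user_input, redirects, xrds_by_url, return_to, realm):
    """Build the checkid_setup parameters for what the user typed."""
    final_url = follow_redirects(user_input, redirects)  # discovery follows 301s
    kind, endpoint, local_id = discover(xrds_by_url[final_url])
    if kind == "op":
        claimed = identity = SELECT   # spec 7.3.1: no Claimed Identifier yet
    else:
        claimed, identity = final_url, (local_id or final_url)
    return endpoint, {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed,
        "openid.identity": identity,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
```

When the request used identifier_select, the openid.claimed_id in the OP's positive assertion is one the relying party has not discovered yet, so OpenID Authentication 2.0 section 11.2 requires running discovery on it before accepting the assertion.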