From shugo at ruby-lang.org Wed Jul 4 01:36:45 2007 From: shugo at ruby-lang.org (Shugo Maeda) Date: Wed, 04 Jul 2007 17:36:45 +0900 Subject: OpenID 2.0 on Ruby OpenID Message-ID: <468B5C1D.8050402@ruby-lang.org> Hi, Thanks for your great Ruby library for OpenID. Do you have a plan to support OpenID 2.0 on Ruby OpenID? If not, can I work for it? Shugo From dev-list-openidenabled at thequod.de Wed Jul 4 14:55:00 2007 From: dev-list-openidenabled at thequod.de (dAniel hAhler) Date: Wed, 4 Jul 2007 23:55:00 +0200 Subject: [patch] OpenID-PHP: remove $__Auth_OpenID_PEAR_AVAILABLE / fix fatal error if there's already a "DB" class defined In-Reply-To: References: Message-ID: Hello, I'd like to bump this topic again, because I just had the "white page with no error indication at all" problem again, because I had this patch not applied (and the project itself uses a DB class already). Please consider applying it in your darcs repository. Thank you. On 5/25/07, dAniel hAhler wrote: > Hi, > > the attached patch fixes a fatal error "Cannot redeclare class DB", if > there's already a class named "DB" available and it's from another > file than PEAR's DB.php (This is the case e.g. for b2evolution, which > has its own class "DB"). > Additionally the error will be "blank page, with no error at all - not > even in the error log", because "@" gets used with include_once to > discard any errors! > > Instead of using this global and the call to include_once() to see if > DB_FETCHMODE_ASSOC should get set on the $connection, the patch uses > just "is_subclass_of()". > AFAICS there's no need to include DB.php - the $connection would have > been instantiated before anyway. > > Last but not least the patch simplifies the code, by removing the > global altogether and should improve performance a tiny bit. > > From kevin at janrain.com Wed Jul 4 16:31:20 2007 From: kevin at janrain.com (Kevin Turner) Date: Wed, 04 Jul 2007 16:31:20 -0700 Subject: OpenID 2.0 on Ruby OpenID In-Reply-To: <468B5C1D.8050402@ruby-lang.org> References: <468B5C1D.8050402@ruby-lang.org> Message-ID: <1183591880.30192.63.camel@localhost> On Wed, 2007-07-04 at 17:36 +0900, Shugo Maeda wrote: > Do you have a plan to support OpenID 2.0 on Ruby OpenID? > If not, can I work for it? Hi Shugo, I'm glad you asked. We develop the Ruby library as a port of the Python one. Sometimes this makes our Ruby feel funny, since it is not our native language, but we hope this saves us the work of doing all the design and logic twice. (Three times, counting PHP.) The Python library is less of a moving target lately, so it is time to bring the Ruby library up to date. I have begun to do this -- so yes, we do have a plan to support it -- but I would also welcome assistance. This style of development, porting a project from one language to another while both are being actively maintained, is unlike other collaborative development I have been involved in, and I admit I am uncertain how to coordinate. A few things that would be helpful are: * Code review. Always a good practice, but especially useful for me right now because Ruby is not my best language. * Finding ways to make the test suite more data-driven and less language-dependent. It's not practical to make all tests data-driven, but maintaining tests in both pyunit and Test::Unit is tedious and error-prone, and all our maintainers would be happier if the test cases were defined in a common place. * Help porting. As I said, I am unsure how to coordinate this right now, but it is likely that we'll be able to identify some pieces we can work on independently without breaking the build for others. The Python development branch is in a darcs repository here http://www.openidenabled.com/resources/repos/python/openid/ and the Ruby branch for OpenID 2.0 is here http://www.openidenabled.com/resources/repos/ruby/openid-2.0/ We'll have some other development resources, like a public bug tracker, online later this month. I welcome any further suggestions or comments you might have about the development of the Ruby OpenID library. Thanks, - Kevin From wichert at wiggy.net Sun Jul 8 07:39:39 2007 From: wichert at wiggy.net (Wichert Akkerman) Date: Sun, 8 Jul 2007 16:39:39 +0200 Subject: python: required type not present error In-Reply-To: <1182890721.3380.63.camel@localhost> References: <20070626193911.GB4906@wiggy.net> <1182890721.3380.63.camel@localhost> Message-ID: <20070708143939.GA2393@wiggy.net> Previously Kevin Turner wrote: > On Tue, 2007-06-26 at 21:39 +0200, Wichert Akkerman wrote: > > Bugreport details can be found at http://dev.plone.org/plone/ticket/6619 > > Reply posted there on trac. I've updated that ticket further. As far as I can see everything I'm doing is correct. For testing purposes I've setup openid.demo.simplon.biz which is a basic Plone 3 site with OpenID authentication enabled. It does not show the auth error if it occurs unforatunately, but if authenticated works you should get a logged-in-succesfully page. Wichert. -- Wichert Akkerman It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. From wichert at wiggy.net Sun Jul 8 08:04:41 2007 From: wichert at wiggy.net (Wichert Akkerman) Date: Sun, 8 Jul 2007 17:04:41 +0200 Subject: switch to setuptools Message-ID: <20070708150441.GB2393@wiggy.net> Can python-openid please switch to using setuptools? That will allow people to use normal and development eggs of it. Wichert. -- Wichert Akkerman It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. From wmorgan at pirg.org Sun Jul 8 13:29:35 2007 From: wmorgan at pirg.org (Wes Morgan) Date: Sun, 8 Jul 2007 14:29:35 -0600 Subject: Question about the PHP OpenID library In-Reply-To: References: Message-ID: <2E7312EC-46A1-456F-B9FC-5672E6EB0A24@pirg.org> Jonathan, Thanks for your reply. Strange that I just got it in the digest today. The changes are very minimal, and are almost certainly an improvement to the library. All I changed is two queries in the MySQLStore class to specify the list of columns rather than assuming them. This solves my problem perfectly, will prevent more problems in the future for people in situations like mine, and has no real downside that I'm aware of for people in a standard cofiguration. I've attached a patch. Let me know if there's some reason why this shouldn't go into the library. Thanks! Wes -------------- next part -------------- A non-text attachment was scrubbed... Name: MySQLStore.php.patch Type: application/octet-stream Size: 835 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070708/3c6575b1/attachment.obj -------------- next part -------------- On Jul 8, 2007, at 9:48 AM, dev-request at lists.openidenabled.com wrote: > Hi Wes, > > Given your needs, I think the best way to handle this is to write an > Auth_OpenID_SQLStore subclass that overrides the methods that deal > with the tables that need to have special behavior. The store classes > in the library don't provide the sort of hooks you need because > they're provided for the simplest (and common) use case. I had to > make schema changes for the Postgres-backed store for another project > and had to take the same approach. > > -- > Jonathan Daugherty > JanRain, Inc. > irc.freenode.net: cygnus in #openid > cygnus.myopenid.com From wp at mcc.org Sun Jul 8 13:03:24 2007 From: wp at mcc.org (Wesley Penner) Date: Sun, 8 Jul 2007 16:03:24 -0400 Subject: Wesley Penner/MCC is on home leave. Message-ID: From kevin at janrain.com Mon Jul 9 12:03:45 2007 From: kevin at janrain.com (Kevin Turner) Date: Mon, 09 Jul 2007 12:03:45 -0700 Subject: switch to setuptools In-Reply-To: <20070708150441.GB2393@wiggy.net> References: <20070708150441.GB2393@wiggy.net> Message-ID: <1184007825.30192.87.camel@localhost> On Sun, 2007-07-08 at 17:04 +0200, Wichert Akkerman wrote: > Can python-openid please switch to using setuptools? That will allow > people to use normal and development eggs of it. We had a thread about this back in March, which ended with some questions I never got answers to: http://lists.openidenabled.com/pipermail/dev/2007-March/000374.html http://lists.openidenabled.com/pipermail/dev/2007-March/000375.html I am still not enamored of setuptools. The last setuptools-packaged thing I "installed" got copied somewhere on my filesystem, but not in any place that Python would import it, which is a lot like not being installed. I'm happy to work with people to continue supporting distribution in RPM and .deb packages, but I remain unconvinced that it's a good idea to require any Python-specific package distribution format before it is integrated with the standard library. From wichert at wiggy.net Mon Jul 9 15:06:50 2007 From: wichert at wiggy.net (Wichert Akkerman) Date: Tue, 10 Jul 2007 00:06:50 +0200 Subject: switch to setuptools In-Reply-To: <1184007825.30192.87.camel@localhost> References: <20070708150441.GB2393@wiggy.net> <1184007825.30192.87.camel@localhost> Message-ID: <20070709220649.GB14281@wiggy.net> Previously Kevin Turner wrote: > On Sun, 2007-07-08 at 17:04 +0200, Wichert Akkerman wrote: > > Can python-openid please switch to using setuptools? That will allow > > people to use normal and development eggs of it. > > We had a thread about this back in March, which ended with some > questions I never got answers to: > > http://lists.openidenabled.com/pipermail/dev/2007-March/000374.html > http://lists.openidenabled.com/pipermail/dev/2007-March/000375.html > > I am still not enamored of setuptools. The last setuptools-packaged > thing I "installed" got copied somewhere on my filesystem, but not in > any place that Python would import it, which is a lot like not being > installed. That is definitely odd. easy_install should install packages in whatever directory it thinks the system python is in. On my Linux systems that is either /usr/lib/python2.4/site-package or /usr/local/lib/python2.4/site-packages. On OSX it appears to be /opt/local/Library/Frameworks/Python.framework/Versions/2.4/lib/python2.4/site-packages. In all cases it installed in a path that python will use and I never had to write a configuration file for it. The reason I would like to have an egg is to be able to use openid as a development egg in a buildout environment. buildout is smart enough to create what appears to be a 'fake' egg when installing the current python-openid package, but that does not allow one to pdb into openid code. > I'm happy to work with people to continue supporting distribution in RPM > and .deb packages, but I remain unconvinced that it's a good idea to > require any Python-specific package distribution format before it is > integrated with the standard library. setuptools and eggs are rapidly becoming a standard for managing deployments. Pylons is completely egg-based, the next Zope 3 release will consist of eggs and Plone has an egg-based install option. For deployments it is very nice to be able to use isolated python environments which tools such as workingenv or buildout provide. Buildout recipes are heavily based on eggs. Wichert. -- Wichert Akkerman It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. From wichert at wiggy.net Tue Jul 10 00:57:20 2007 From: wichert at wiggy.net (Wichert Akkerman) Date: Tue, 10 Jul 2007 09:57:20 +0200 Subject: python: required type not present error In-Reply-To: <20070708143939.GA2393@wiggy.net> References: <20070626193911.GB4906@wiggy.net> <1182890721.3380.63.camel@localhost> <20070708143939.GA2393@wiggy.net> Message-ID: <20070710075720.GA6392@wiggy.net> Previously Wichert Akkerman wrote: > Previously Kevin Turner wrote: > > On Tue, 2007-06-26 at 21:39 +0200, Wichert Akkerman wrote: > > > Bugreport details can be found at http://dev.plone.org/plone/ticket/6619 > > > > Reply posted there on trac. > > I've updated that ticket further. As far as I can see everything I'm > doing is correct. > > For testing purposes I've setup openid.demo.simplon.biz which is a basic > Plone 3 site with OpenID authentication enabled. It does not show the > auth error if it occurs unforatunately, but if authenticated works you > should get a logged-in-succesfully page. I got some help from Kevin last night and we tracked this one down: the problem was that my code was extracting openid request variables using a whitelist made for OpenID1, but OpenID2 requires more variables (specifically openid.ns). Updating the code to just pass all variables that start with openid made things work again. Wichert. -- Wichert Akkerman It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. From shugo at ruby-lang.org Tue Jul 10 05:45:25 2007 From: shugo at ruby-lang.org (Shugo Maeda) Date: Tue, 10 Jul 2007 21:45:25 +0900 Subject: OpenID 2.0 on Ruby OpenID In-Reply-To: <1183591880.30192.63.camel@localhost> References: <468B5C1D.8050402@ruby-lang.org> <1183591880.30192.63.camel@localhost> Message-ID: <46937F65.8070900@ruby-lang.org> Hi, On 07/05/2007 08:31 AM, Kevin Turner wrote: > and the Ruby branch for OpenID 2.0 is here > http://www.openidenabled.com/resources/repos/ruby/openid-2.0/ Oh, I missed it. I'll try it later. Thank you. Shugo From julian_bond at voidstar.com Mon Jul 16 02:13:46 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Mon, 16 Jul 2007 10:13:46 +0100 Subject: JanRain PHP Pear installation Message-ID: I rather think the directory structure of the PEAR install is broken. I followed the instructions and ended up with this. pear - Auth - - Auth - - - OpenID - - - Services - - - - Yadis When I think it should be pear - Auth - - OpenID - Services - - Yadis Is this just my pear installation or a bug? Once I'd moved the directories around it all worked as it should. -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** From cygnus at janrain.com Mon Jul 16 09:40:21 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Mon, 16 Jul 2007 09:40:21 -0700 Subject: JanRain PHP Pear installation In-Reply-To: References: Message-ID: <20070716164021.GB16440@janrain.com> # I rather think the directory structure of the PEAR install is # broken. I followed the instructions and ended up with this. # # pear # - Auth # - - Auth # - - - OpenID # - - - Services # - - - - Yadis That has happened on some versions of the PEAR installer, but not all. It does appear to be a bug in PEAR's treatment of the package XML metadata. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From julian_bond at voidstar.com Thu Jul 19 01:10:11 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Thu, 19 Jul 2007 09:10:11 +0100 Subject: Reliance on AX Email address Message-ID: If an OpenID Consumer receives an email address in Attribute Exchange, how much reliance can be placed on that email address actually being real? Which I guess is a question about OpenID Servers. Is it common, mandatory, recommended or whatever that OpenID Servers validate email addresses that they later serve up? -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** From simon at simonwillison.net Thu Jul 19 01:21:29 2007 From: simon at simonwillison.net (Simon Willison) Date: Thu, 19 Jul 2007 09:21:29 +0100 Subject: Reliance on AX Email address In-Reply-To: References: Message-ID: On 7/19/07, Julian Bond wrote: > If an OpenID Consumer receives an email address in Attribute Exchange, > how much reliance can be placed on that email address actually being > real? None at all. Firstly it depends entirely on the policies of the OpenID provider you are talking to. Secondly, providers are meant to jealously guard their users privacy (as much as possible anyway), and give them full control over what information is passed back to the consumer. Most providers I've looked at let you opt out of sending back the e-mail address (remember, some providers don't support simple registration at all), and many let you manually edit that e-mail address before sending it back. Wordpress.com (which I built) lets you edit the fields directly before they are passed back to the consumer. myopenid.com lets you set up one or more "personas", each with a different e-mail address. I think it provides an "edit this information before sending it" option as well. By far the best way to use simple registration is to pre-fill your regular sign up form. I wrote more about this here: http://simonwillison.net/2007/Jun/30/sreg/ Cheers, Simon Willison From simon at simonwillison.net Thu Jul 19 01:22:28 2007 From: simon at simonwillison.net (Simon Willison) Date: Thu, 19 Jul 2007 09:22:28 +0100 Subject: Reliance on AX Email address In-Reply-To: References: Message-ID: On 7/19/07, Simon Willison wrote: > Wordpress.com (which I built) lets you edit the fields directly before > they are passed back to the consumer. That should read "Wordpress.com's OpenID support" - I certainly don't want to take credit for the whole service! From julian_bond at voidstar.com Fri Jul 20 02:58:24 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Fri, 20 Jul 2007 10:58:24 +0100 Subject: Reliance on AX Email address In-Reply-To: References: Message-ID: Simon Willison Thu, 19 Jul 2007 09:21:29 >On 7/19/07, Julian Bond wrote: >> If an OpenID Consumer receives an email address in Attribute Exchange, >> how much reliance can be placed on that email address actually being >> real? > >None at all. This is kind of obvious. (doh!) Which is why I said "Is it common... for OpenID Servers to validate email addresses before passing them on." So perhaps the real question here is whether it should become a convention and recommendation to people running OpenID servers that they should do that. Or perhaps a value added service they could offer to differentiate themselves. So as a Consumer *if* I get a full set of Attributes from MyValidatedOpenId.com I could rely on them. But if they come from AnyOldOtherOpenID.com I'd just go through the normal signup process. The reasoning behind this is questioning to what extent I can streamline the signup process for a real world App using OpenID. If I don't need any validation at all, then I can have a zero signup like twitterfeed.com or Twitterwhere.com. But most real world apps need to know it's a real email address (for later spam marketing!) so your advice to just pre-fill the normal signup form and continue the normal signup process is well taken. -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** From julian_bond at voidstar.com Fri Jul 20 03:04:03 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Fri, 20 Jul 2007 11:04:03 +0100 Subject: Interop Testing Message-ID: <4NKziDpTiIoGFAV7@jblaptop.voidstar.com> Is there any Interop testing initiative going on? I've noticed in my travels several instances of - Consumers that don't support YADIS discovery - Servers that will authenticate to some consumers but not others - Servers that and Consumers that don't support AX. And so on. -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** From kevin at radagast.biz Fri Jul 20 03:44:06 2007 From: kevin at radagast.biz (Kevin Jardine) Date: Fri, 20 Jul 2007 12:44:06 +0200 Subject: Reliance on AX Email address In-Reply-To: References: Message-ID: <46A091F6.2070703@radagast.biz> Hi Julian, The question of trust (rather than authentication) is another layer of functionality that can be added to OpenID servers and clients that complements the OpenID protocol but is not part of it. In the OpenID software that I provide to my clients, it is possible to manage trust both at the server and client level. OpenID servers can optionally restrict the OpenIDs they manage to a fixed set of trust roots, so that, for example, a school, institution or other organisation can support a suite of trusted client apps but not allow the OpenIDs they provide to be used beyond these trusted apps. On the client side, I've created a traffic light trust system. Information provided by green OpenIDs is trusted immediately, information provided by yellow OpenIDs is trusted only after an email confirmation process, and red OpenIDs are always rejected. There is a wildcard system to make this as flexible as possible. I would argue that the question of trust is a huge complex issue that depends a great deal on what entity is providing the OpenID servers and clients. It is best left out of the protocol itself, I think. Cheers, Kevin -- Kevin Jardine Radagast Solutions Internet campaign advice and magic http://radagast.biz YIM: kevinjardine Skype: kevinjardine Eml: kevin at radagast.biz Tel: +31 (0)6 25581608 Julian Bond wrote: > Simon Willison Thu, 19 Jul 2007 09:21:29 >> On 7/19/07, Julian Bond wrote: >>> If an OpenID Consumer receives an email address in Attribute Exchange, >>> how much reliance can be placed on that email address actually being >>> real? >> None at all. > > This is kind of obvious. (doh!) Which is why I said "Is it common... for > OpenID Servers to validate email addresses before passing them on." > > So perhaps the real question here is whether it should become a > convention and recommendation to people running OpenID servers that they > should do that. Or perhaps a value added service they could offer to > differentiate themselves. So as a Consumer *if* I get a full set of > Attributes from MyValidatedOpenId.com I could rely on them. But if they > come from AnyOldOtherOpenID.com I'd just go through the normal signup > process. > > The reasoning behind this is questioning to what extent I can streamline > the signup process for a real world App using OpenID. If I don't need > any validation at all, then I can have a zero signup like > twitterfeed.com or Twitterwhere.com. But most real world apps need to > know it's a real email address (for later spam marketing!) so your > advice to just pre-fill the normal signup form and continue the normal > signup process is well taken. > From paul at virtual-techno.com Fri Jul 20 03:53:36 2007 From: paul at virtual-techno.com (Paul Tanner) Date: Fri, 20 Jul 2007 11:53:36 +0100 Subject: Reliance on email address in AX In-Reply-To: References: Message-ID: Hi Julian, Nice that you are working this. I wish LinkedIn would do likewise. Apologies in advance if the following is obvious to you. Email addresses will be many and various so RPs should store the one they will subsequently use (which on initial signup *might* have come from an OpenID AX). RPs should of course store OpenIDs to facilitate this mode of signon. *More than one* OpenID should be allowed (as Simon has frequently suggested) so that there is no single point of failure in the unlikely event of OP problems. When building RPs I admit that I was initially too lazy to do this but I now see the error of my ways ;-) Regards, Paul At 12:07 20/07/2007, you wrote: >Simon Willison Thu, 19 Jul 2007 09:21:29 > >On 7/19/07, Julian Bond wrote: > >> If an OpenID Consumer receives an email address in Attribute Exchange, > >> how much reliance can be placed on that email address actually being > >> real? > > > >None at all. Julian Bond wrote >This is kind of obvious. (doh!) Which is why I said "Is it common... for >OpenID Servers to validate email addresses before passing them on." > >So perhaps the real question here is whether it should become a >convention and recommendation to people running OpenID servers that they >should do that. Or perhaps a value added service they could offer to >differentiate themselves. So as a Consumer *if* I get a full set of >Attributes from MyValidatedOpenId.com I could rely on them. But if they >come from AnyOldOtherOpenID.com I'd just go through the normal signup >process. > >The reasoning behind this is questioning to what extent I can streamline >the signup process for a real world App using OpenID. If I don't need >any validation at all, then I can have a zero signup like >twitterfeed.com or Twitterwhere.com. But most real world apps need to >know it's a real email address (for later spam marketing!) so your >advice to just pre-fill the normal signup form and continue the normal >signup process is well taken. Paul Tanner - Virtual Technologies From simon at simonwillison.net Fri Jul 20 04:09:18 2007 From: simon at simonwillison.net (Simon Willison) Date: Fri, 20 Jul 2007 12:09:18 +0100 Subject: Reliance on AX Email address In-Reply-To: References: Message-ID: On 7/20/07, Julian Bond wrote: > So perhaps the real question here is whether it should become a > convention and recommendation to people running OpenID servers that they > should do that. Or perhaps a value added service they could offer to > differentiate themselves. So as a Consumer *if* I get a full set of > Attributes from MyValidatedOpenId.com I could rely on them. But if they > come from AnyOldOtherOpenID.com I'd just go through the normal signup > process. A more general solution might be something more akin to botbouncer.com - which remembers if a given OpenID has passed a CAPTCHA test and exposes that fact through a simple API. The exact same service could be built for e-mail validation tests. It could be a little confusing for users though, since their "click to verify your account" e-mail would come from emailbouncer.com (or whatever it was called) rather than the initial site they were signing up to. From damnian at gmail.com Fri Jul 20 04:40:14 2007 From: damnian at gmail.com (Dmitry Shechtman) Date: Fri, 20 Jul 2007 14:40:14 +0300 Subject: Reliance on AX Email address In-Reply-To: References: Message-ID: <00de01c7cac2$c922b670$b0db17ac@a9a181c8860745f> > A more general solution might be something more akin to botbouncer.com > - which remembers if a given OpenID has passed a CAPTCHA test and > exposes that fact through a simple API. How about something like botbouncer.com, but without a CAPTCHA? Regards, Dmitry =damnian From shugo at ruby-lang.org Wed Jul 25 00:27:37 2007 From: shugo at ruby-lang.org (Shugo Maeda) Date: Wed, 25 Jul 2007 16:27:37 +0900 Subject: embedded expression not evaluated on ruby-openid-2.0 Message-ID: <46A6FB69.50803@ruby-lang.org> Hi, An embedded expression seems not to be evaluated on ruby-openid-2.0. How about this patch? diff -rN -u old-openid-2.0/lib/openid/consumer.rb new-openid-2.0/lib/openid/consumer.rb --- old-openid-2.0/lib/openid/consumer.rb 2007-07-25 16:26:06.944664936 +0900 +++ new-openid-2.0/lib/openid/consumer.rb 2007-07-25 16:26:07.352688802 +0900 @@ -534,7 +534,7 @@ if code == SUCCESS return SuccessResponse.new(consumer_id, query) else - return FailureResponse.new(consumer_id, 'check_auth failed: #{msg}') + return FailureResponse.new(consumer_id, "check_auth failed: #{msg}") end end From rubys at intertwingly.net Wed Jul 25 06:09:54 2007 From: rubys at intertwingly.net (Sam Ruby) Date: Wed, 25 Jul 2007 09:09:54 -0400 Subject: JanRain python-openid-1.2.0 and 404 on openid.server Message-ID: <46A74BA2.5050203@intertwingly.net> JanRain python-openid-1.2.0 doesn't appear to gracefully recover from 404 responses to requests made to the indicated openid.server. Details (and patch) here: http://intertwingly.net/blog/2007/07/25/JanRain-python-openid-1-2-0-and-404-on-openid-server - Sam Ruby From shugo at ruby-lang.org Wed Jul 25 19:39:19 2007 From: shugo at ruby-lang.org (Shugo Maeda) Date: Thu, 26 Jul 2007 11:39:19 +0900 Subject: ruby/openid-2.0: test/message.rb fails Message-ID: <46A80957.7090107@ruby-lang.org> Hi, test/message.rb fails on ruby/openid-2.0. I've attached a patch to fix it. $ ruby -I lib test/message.rb Loaded suite test/message Started ..................................F......E....................................................................................................................F...... Finished in 0.186787 seconds. 1) Failure: test_to_url(EmptyMessageTestCase) [test/message.rb:30]: <"http://base.url/"> expected but was <"http://base.url/?">. 2) Error: test_iteration(NamespaceMapTestCase): ArgumentError: wrong number of arguments (0 for 1) test/message.rb:617:in `add' test/message.rb:617:in `test_iteration' test/message.rb:614:in `each' test/message.rb:614:in `test_iteration' 3) Failure: test_to_url(OpenID2MessageTest) [test/message.rb:428:in `_test_urlencoded' test/message.rb:442:in `test_to_url']: <"openid.error=unit+test&openid.mode=error&openid.ns=http%3A%2F%2Fopenid.net%2Fspecs%2F2.0%2Fbase&xey=value"> expected but was <"openid.mode=error&xey=value&openid.error=unit+test&openid.ns=http%3A%2F%2Fopenid.net%2Fspecs%2F2.0%2Fbase">. 165 tests, 231 assertions, 2 failures, 1 errors excelsior:openid-2.0$ darcs pull Pulling from "http://www.openidenabled.com/resources/repos/ruby/openid-2.0/"... No remote changes to pull in! -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ruby-openid-message-test.diff Url: http://lists.openidenabled.com/pipermail/dev/attachments/20070726/fe6fdc29/attachment.diff From angel.calvo at centic.es Thu Jul 26 01:43:18 2007 From: angel.calvo at centic.es (Angel Luis Calvo Ortega) Date: Thu, 26 Jul 2007 10:43:18 +0200 Subject: PHP Standalone OpenID Server and nonces Message-ID: <46A85EA6.9040901@centic.es> Hello, I've been using the PHP OpenID Server and I'm very pleased. However when my consumer insert a nonce into the return URL, the receiving URL is wrong :( In fact, this received URL has several attributes openid.rpnonce, and attribute openid.return_to doesn't match with my return URL. Is the problem in PHP server or PHP OpenId library? Or in my consumer? Thanks. -- ?ngel Luis Calvo Ortega CENTIC C/ Condes de Barcelona, 5. 2? planta 30007 - Murcia. Spain Telef: + 34 968 96 44 00. Fax: + 34 968 96 44 01 Mail: angel.calvo at centic.es www.centic.es From eran at hammer-lahav.net Thu Jul 26 18:59:02 2007 From: eran at hammer-lahav.net (Eran Hammer-Lahav) Date: Thu, 26 Jul 2007 21:59:02 -0400 Subject: Differentiating between User Identifier and OP Identifier Message-ID: <023601c7cff1$b4ddc810$1e995830$@net> I am working on an OpenId 2.0 RP implementation in C++ for a web service I am developing. The idea is to use OpenId to authenticate users' access to the API which is used to build micro-blogging sites on top of the framework. Due to the nature of the platform, I am forced to implement the RP logic from scratch. The C++ libraries found are all 1.1. This question is based on the latest draft of OpenID Authentication 2.0 (11). Section 2 describe the User-Supplied Identifier, and section 3 bullet 2 provided the workflow, allowing users to provide a user ID or a server ID. Section 7.3.1 provides a little more information but not much. The document is not very clear about the difference and how to decide what ID the user supplied. It is critical as the end of section 7.3.1 requires special value of the id fields to be used to a server Id. If the ID leads to a XRDS document, I am guessing that if that document contains an OP Identifier element, it might mean that this is a server Id, but what if it also contains a claimed Id element? Is that not allowed? And in that case, is the Canonical Id ignored for server Ids? But this theory only works for XRDS discovery. What about HTML discovery? Can anyone help clarify this? Thanks, Eran Hammer-Lahav Hueniverse, LLC http://hueniverse.com Hueniverse - adventures in micro-blogging -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070726/df3190a7/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/octet-stream Size: 12362 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070726/df3190a7/attachment-0001.obj From julian_bond at voidstar.com Fri Jul 27 06:06:40 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Fri, 27 Jul 2007 14:06:40 +0100 Subject: OpenID Consumers Message-ID: http://del.icio.us/tag/openidconsumer See Also http://simonwillison.net/2006/Dec/19/openid/ How to turn your blog in to an OpenID -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** From julian_bond at voidstar.com Mon Jul 30 00:04:08 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Mon, 30 Jul 2007 08:04:08 +0100 Subject: Recipes for OpenID Server enabling an existing site Message-ID: On the consumer side there's http://www.plaxo.com/api/openid_recipe http://simonwillison.net/2006/Dec/19/openid/ Is there an equivalent recipe for adding OpenID Server functionality to an existing site? I had a brief look at the PHP-PEAR Server example and got it running. But integrating it into an existing user database and login system didn't leap out at me. I guess I should dig deeper. -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** From julian_bond at voidstar.com Mon Jul 30 00:51:21 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Mon, 30 Jul 2007 08:51:21 +0100 Subject: Extending Simple Registration Extension Message-ID: Where is discussion about Extending Simple Registration Extension to include more data fields happening? -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** From nocturn00 at gmail.com Mon Jul 30 01:48:12 2007 From: nocturn00 at gmail.com (Nocturn) Date: Mon, 30 Jul 2007 10:48:12 +0200 Subject: No service endpoints found on 2 different openid php servers Message-ID: <39ffc7b00707300148q7cc71317tb2658651608029fb@mail.gmail.com> I'm trying to set up an openid server for my domain. I'm trying the Drupal 4.7 OpenId server module on www.vsbnet.be and the PHP standalone server on openid.vsbnet.be. Both are installed and appear to be working from the interface, but when I try to use them anywhere, I get messages like 'no service endpoints found' or unable to discover server. What could be wrong? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070730/d80efb5e/attachment.htm From cygnus at janrain.com Mon Jul 30 15:50:44 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Mon, 30 Jul 2007 15:50:44 -0700 Subject: Extending Simple Registration Extension In-Reply-To: References: Message-ID: <20070730225044.GA5981@janrain.com> # Where is discussion about Extending Simple Registration Extension to # include more data fields happening? The idea is to use Attribute Exchange (an Emerging Technology) for that. For info on AX, see http://openid.net/specs.bml For more discussion, you can subscribe to the general at openid.net mailing list and/or read the archives. http://openid.net/mailman/listinfo/general Hope that helps! -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From cygnus at janrain.com Mon Jul 30 16:18:01 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Mon, 30 Jul 2007 16:18:01 -0700 Subject: No service endpoints found on 2 different openid php servers In-Reply-To: <39ffc7b00707300148q7cc71317tb2658651608029fb@mail.gmail.com> References: <39ffc7b00707300148q7cc71317tb2658651608029fb@mail.gmail.com> Message-ID: <20070730231801.GB5981@janrain.com> # Both are installed and appear to be working from the interface, but # when I try to use them anywhere, I get messages like 'no service # endpoints found' or unable to discover server. The Drupal module will only work with OpenID 2 relying parties, of which there are only a few right now. The module is not backwards compatible with OpenID 1, either, so you won't be able to use it with existing RPs. (Please file a bug for that to add one more voice!) The Drupal module is also using a strange value for the openid.delegate tag! In general, you can file bugs for the module at http://drupal.org/project/OpenID At any rate, the problem is that the identity page responses are 403 (not 200 as expected). The PHP standalone server responds to identity page requests with an error; evidently your Apache server is not running PHP as an Apache module (which is necessary for a function called by the code). That's a bug in the PHP code since it shouldn't make that assumption, but in the mean time you can change your configuration. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From julian_bond at voidstar.com Mon Jul 30 23:20:56 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Tue, 31 Jul 2007 07:20:56 +0100 Subject: Extending Simple Registration Extension In-Reply-To: <20070730225044.GA5981@janrain.com> References: <20070730225044.GA5981@janrain.com> Message-ID: Jonathan Daugherty Mon, 30 Jul 2007 15:50:44 ># Where is discussion about Extending Simple Registration Extension to ># include more data fields happening? > >The idea is to use Attribute Exchange (an Emerging Technology) for >that. For info on AX, see > > http://openid.net/specs.bml I don't see anything on that page about adding new fields to OpenID Simple Registration Extension 1.1 - Draft 1 -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** From nocturn00 at gmail.com Mon Jul 30 23:29:21 2007 From: nocturn00 at gmail.com (Nocturn) Date: Tue, 31 Jul 2007 08:29:21 +0200 Subject: No service endpoints found on 2 different openid php servers In-Reply-To: <20070730231801.GB5981@janrain.com> References: <39ffc7b00707300148q7cc71317tb2658651608029fb@mail.gmail.com> <20070730231801.GB5981@janrain.com> Message-ID: <39ffc7b00707302329t6b57bd76s2e2f12f64d6fde3a@mail.gmail.com> 2007/7/31, Jonathan Daugherty : > > > The PHP standalone server responds to identity page requests with an > error; evidently your Apache server is not running PHP as an Apache > module (which is necessary for a function called by the code). That's > a bug in the PHP code since it shouldn't make that assumption, but in > the mean time you can change your configuration. > > -- > Jonathan Daugherty > JanRain, Inc. > irc.freenode.net: cygnus in #openid > cygnus.myopenid.com > Thanks for your answer! PHP is run via the cgi interface. The problem is that this is a webhost ( dreamhost.com) and I cannot change such settings (I can do a custom php.inifile, choose between PHP4 and 5 but no more). Is there any way arround this? Guy -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070731/e6e5ad14/attachment.htm From kevin at janrain.com Tue Jul 31 10:34:12 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 31 Jul 2007 10:34:12 -0700 Subject: PHP Standalone OpenID Server and nonces In-Reply-To: <46A85EA6.9040901@centic.es> References: <46A85EA6.9040901@centic.es> Message-ID: <1185903252.5974.4.camel@localhost> On Thu, 2007-07-26 at 10:43 +0200, Angel Luis Calvo Ortega wrote: > In fact, this received URL has several attributes openid.rpnonce, and > attribute openid.return_to doesn't match with my return URL. Is it possible for you to give us full examples? Thanks, - Kevin From kevin at janrain.com Tue Jul 31 10:54:11 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 31 Jul 2007 10:54:11 -0700 Subject: Differentiating between User Identifier and OP Identifier In-Reply-To: <023601c7cff1$b4ddc810$1e995830$@net> References: <023601c7cff1$b4ddc810$1e995830$@net> Message-ID: <1185904451.5974.22.camel@localhost> On Thu, 2007-07-26 at 21:59 -0400, Eran Hammer-Lahav wrote: > I am working on an OpenId 2.0 RP implementation in C++ for a web > service I am developing. The idea is to use OpenId to authenticate > users? access to the API which is used to build micro-blogging sites > on top of the framework. Due to the nature of the platform, I am > forced to implement the RP logic from scratch. The C++ libraries found > are all 1.1. Hi Eran, Will you be able to make the source to this work available? Have you talked with the maintainers of libopkele about developing that project? C++ is not quite the hot language for web services these days, but I do know of at least a few other people who would be interested in that. > If the ID leads to a XRDS document, I am guessing that if that > document contains an OP Identifier element, it might mean that this is > a server Id, but what if it also contains a claimed Id element? Is > that not allowed? It doesn't make a heck of a lot of sense to advertise both an OP Identifier and Claimed Identifier at the same address. > And in that case, is the Canonical Id ignored for server Ids? I think you may ignore the CanonicalID for an OP Identifier service, because for authentication you really just need to verify the identifiers in the id_res response. I don't think CanonicalID of an OP Identifier plays in to that at all. If, however, your RP is storing table of OP Identifiers, I might be wrong about that. Let me know if you can think of such a case. > But this theory only works for XRDS discovery. What about HTML > discovery? The "HTML discovery" section of r347 says "HTML-Based discovery is only usable for discovery of Claimed Identifiers. OP Identifiers must be XRIs or URLs that support XRDS discovery." Cheers, - Kevin Turner -- keturn on https://pibb.com/go/openiddevelopment and irc.freenode.net#openid From kevin at janrain.com Tue Jul 31 11:17:57 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 31 Jul 2007 11:17:57 -0700 Subject: Recipes for OpenID Server enabling an existing site In-Reply-To: References: Message-ID: <1185905877.5974.45.camel@localhost> On Mon, 2007-07-30 at 08:04 +0100, Julian Bond wrote: > On the consumer side there's > http://www.plaxo.com/api/openid_recipe > http://simonwillison.net/2006/Dec/19/openid/ > > Is there an equivalent recipe for adding OpenID Server functionality to > an existing site? There are rants about why you shouldn't do such a thing. ;) It feels like there are already more providers than RPs out there. Choice of providers is good, but as a user finding that a half-dozen sites you're on provide you with an OpenID is not what you wanted. Being an OpenID provider is also a lot of responsibility to take on, as you're not just responsible for the data on your own site anymore, but for everywhere your users use their OpenID. Unless your mission is really focused on being an authentication provider, it's quite likely you're not going to want to keep up with new developments in the field. etc, etc... In general, dedicated authentication providers are good; authentication providers tacked on to other applications as an afterthought are less so. okay, ranting aside, It is also much easier to integrate a provider than a RP. (That is one of the reasons why we've seen many sites adopt that half of the protocol first.) You don't have to change your login system, you don't have to add many-to-one tables mapping OpenIDs to local accounts, you just have to add an OpenID endpoint somewhere, pass messages that come to that endpoint through to one of the OpenID libraries, and add a few lines to your users' profile pages to point to that endpoint. Some of these libraries have pretty decent documentation and examples already, but it may be that Simon or Joseph will work their tutorial magic on them in the future. -- keturn on https://pibb.com/go/openiddevelopment and irc.freenode.net#openid From kevin at janrain.com Tue Jul 31 11:20:16 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 31 Jul 2007 11:20:16 -0700 Subject: Extending Simple Registration Extension In-Reply-To: References: <20070730225044.GA5981@janrain.com> Message-ID: <1185906016.5974.48.camel@localhost> On Tue, 2007-07-31 at 07:20 +0100, Julian Bond wrote: > Jonathan Daugherty Mon, 30 Jul 2007 15:50:44 > ># Where is discussion about Extending Simple Registration Extension to > ># include more data fields happening? > > > >The idea is to use Attribute Exchange (an Emerging Technology) for > >that. For info on AX, see > > > > http://openid.net/specs.bml > > I don't see anything on that page about adding new fields to > OpenID Simple Registration Extension 1.1 - Draft 1 The Simple Registration Extension is unlikely to have new fields added to it; the limited field set is part of what keeps it "simple." Applications which have outgrown the simplicity of sreg will wish to adopt a more flexible and generic system, which is that the Attribute Exchange extension seeks to provide. -- keturn on https://pibb.com/go/openiddevelopment and irc.freenode.net#openid From eran at hammer-lahav.net Tue Jul 31 11:18:53 2007 From: eran at hammer-lahav.net (Eran Hammer-Lahav) Date: Tue, 31 Jul 2007 14:18:53 -0400 Subject: Differentiating between User Identifier and OP Identifier In-Reply-To: <1185904451.5974.22.camel@localhost> References: <023601c7cff1$b4ddc810$1e995830$@net> <1185904451.5974.22.camel@localhost> Message-ID: <000701c7d39f$404b83a0$c0e28ae0$@net> Hi Kevin, > Will you be able to make the source to this work available? Have you > talked with the maintainers of libopkele about developing that project? > C++ is not quite the hot language for web services these days, but I do > know of at least a few other people who would be interested in that. I did not talk to the libopkele maintainers but used their code as a reference for the initial work. I might be able to extract the OpenID 2.0 library but not likely before the end of the year due to a very tight schedule (my product is due to go into private beta in November). The code is somewhat integrated into the overall framework. But I will gladly help anyone trying to implement the specification. > I think you may ignore the CanonicalID for an OP Identifier service, > because for authentication you really just need to verify the > identifiers in the id_res response. I don't think CanonicalID of an OP > Identifier plays in to that at all. I just went through this on the specs list (thanks to their incredible patience). If the user entered an XRI identifier, and the XRDS document found does not contain an OP Identity Element, then the CanonicalID (After verifying authority - a step which is not complete yet in the specs) MUST be used as the claimed identifier. It is ignored in all other cases (XRDS via Yadis, or an XRDS with an OP Identifier Element). EHL From julian_bond at voidstar.com Tue Jul 31 11:46:59 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Tue, 31 Jul 2007 19:46:59 +0100 Subject: Extending Simple Registration Extension In-Reply-To: <1185906016.5974.48.camel@localhost> References: <20070730225044.GA5981@janrain.com> <1185906016.5974.48.camel@localhost> Message-ID: <02FAcAHjO4rGFAPh@jblaptop.voidstar.com> Kevin Turner Tue, 31 Jul 2007 11:20:16 >On Tue, 2007-07-31 at 07:20 +0100, Julian Bond wrote: >> Jonathan Daugherty Mon, 30 Jul 2007 15:50:44 >> ># Where is discussion about Extending Simple Registration Extension to >> ># include more data fields happening? >> > >> >The idea is to use Attribute Exchange (an Emerging Technology) for >> >that. For info on AX, see >> > >> > http://openid.net/specs.bml >> >> I don't see anything on that page about adding new fields to >> OpenID Simple Registration Extension 1.1 - Draft 1 > >The Simple Registration Extension is unlikely to have new fields added >to it; the limited field set is part of what keeps it "simple." >Applications which have outgrown the simplicity of sreg will wish to >adopt a more flexible and generic system, which is that the Attribute >Exchange extension seeks to provide. So is there any documentation yet about the Attribute Exchange Extension? because I can't see it on http://openid.net/specs.bml -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** From cygnus at janrain.com Tue Jul 31 13:48:44 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Tue, 31 Jul 2007 13:48:44 -0700 Subject: No service endpoints found on 2 different openid php servers In-Reply-To: <39ffc7b00707302329t6b57bd76s2e2f12f64d6fde3a@mail.gmail.com> References: <39ffc7b00707300148q7cc71317tb2658651608029fb@mail.gmail.com> <20070730231801.GB5981@janrain.com> <39ffc7b00707302329t6b57bd76s2e2f12f64d6fde3a@mail.gmail.com> Message-ID: <20070731204844.GA32308@janrain.com> # PHP is run via the cgi interface. The problem is that this is a # webhost ( dreamhost.com) and I cannot change such settings (I can do # a custom php.inifile, choose between PHP4 and 5 but no more). In src/render.php, replace $headers = apache_request_headers(); foreach ($headers as $header => $value) { if (($header == 'Accept') && preg_match("/application\/xrds\+xml/", $value)) { $serve_xrds_now = true; } } with if (array_key_exists('HTTP_ACCEPT', $_SERVER)) { $value = $_SERVER['HTTP_ACCEPT']; if (preg_match("/application\/xrds\+xml/", $value)) { $serve_xrds_now = true; } } -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From nocturn00 at gmail.com Tue Jul 31 14:10:44 2007 From: nocturn00 at gmail.com (Nocturn) Date: Tue, 31 Jul 2007 23:10:44 +0200 Subject: No service endpoints found on 2 different openid php servers In-Reply-To: <20070731204844.GA32308@janrain.com> References: <39ffc7b00707300148q7cc71317tb2658651608029fb@mail.gmail.com> <20070730231801.GB5981@janrain.com> <39ffc7b00707302329t6b57bd76s2e2f12f64d6fde3a@mail.gmail.com> <20070731204844.GA32308@janrain.com> Message-ID: <39ffc7b00707311410t6a215cdfo5e1db7c84f7444f0@mail.gmail.com> 2007/7/31, Jonathan Daugherty : > > # PHP is run via the cgi interface. The problem is that this is a > # webhost ( dreamhost.com) and I cannot change such settings (I can do > # a custom php.inifile, choose between PHP4 and 5 but no more). > > In src/render.php, replace > > $headers = apache_request_headers(); > foreach ($headers as $header => $value) { > if (($header == 'Accept') && > preg_match("/application\/xrds\+xml/", $value)) { > $serve_xrds_now = true; > } > } > > with > > if (array_key_exists('HTTP_ACCEPT', $_SERVER)) { > $value = $_SERVER['HTTP_ACCEPT']; > if (preg_match("/application\/xrds\+xml/", $value)) { > $serve_xrds_now = true; > } > } Ok, thanks. It works for phpbb-openid, though I cannot use it on the openidenabled site yet, it gives: Error Type AssertionError Error Value Request made at 2007/07/31 14:09:34.897 GMT-7 > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070731/6b7ff64a/attachment.html From cygnus at janrain.com Tue Jul 31 14:53:41 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Tue, 31 Jul 2007 14:53:41 -0700 Subject: No service endpoints found on 2 different openid php servers In-Reply-To: <39ffc7b00707311410t6a215cdfo5e1db7c84f7444f0@mail.gmail.com> References: <39ffc7b00707300148q7cc71317tb2658651608029fb@mail.gmail.com> <20070730231801.GB5981@janrain.com> <39ffc7b00707302329t6b57bd76s2e2f12f64d6fde3a@mail.gmail.com> <20070731204844.GA32308@janrain.com> <39ffc7b00707311410t6a215cdfo5e1db7c84f7444f0@mail.gmail.com> Message-ID: <20070731215341.GB32308@janrain.com> # Ok, thanks. It works for phpbb-openid, though I cannot use it on # the openidenabled site yet, it gives: Error Type AssertionError # Error Value Request made at 2007/07/31 14:09:34.897 GMT-7 According to the response I see in the OpenID test tool at http://www.openidenabled.com/resources/openid-test/ your PHP configuration does not support large number math with either the bcmath or the GMP extension. One of those is required to run an OpenID server. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From asher at asherwolf.com Tue Jul 31 19:29:15 2007 From: asher at asherwolf.com (Asher Wolfstein) Date: Tue, 31 Jul 2007 20:29:15 -0600 Subject: Questions about JanRain PHP Message-ID: First thing I've noticed is that on line 522 of PEAR/Auth/OpenID/ Server.php -> $ml =& Auth_OpenID_getMathLib(); ... that $ml is not used in the rest of the function answer($assoc). Is there a reason it's there? Other than that... Using JanRain's PHP OpenID library from openidenabled.com I've been trying to figure something out. There is a MySQL database installed with three tables oid_associations, oid_nonces, and oid_settings. Using the server example that comes with the library, the oid_associations table gets used. But even when using the consumer example that comes with the library, the oid_settings tables SEEM to me to not get used. Am I wrong? So I investigated: In my case I'm using MySQLStore.php so... ->$sql[] ---- 'create_auth' -> INSERT INTO oid_settings VALUES ( 'auth_key', ! ) 'get_auth' -> SELECT value FROM oid_settings WHERE setting = 'auth_key' SQLStore.php -> reset() ... DELETE FROM oid_settings Starting with nonce: SQLStore.php Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore getAuthKey() is inherited line 358, _get_auth() uses $this->sql['get_auth'] line 366, _create_auth($str) uses $this->sql['create_auth'] line 372, getAuthKey() uses $this->_get_auth() line 378, getAuthKey() uses $this->_create_auth($auth_key_s) What is the purpose of getAuthKey()? I found something about tokens, but I don't understand what that means. Any help would be appreciated, Asher From kevin at janrain.com Tue Jul 31 20:01:19 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 31 Jul 2007 20:01:19 -0700 Subject: Extending Simple Registration Extension In-Reply-To: <02FAcAHjO4rGFAPh@jblaptop.voidstar.com> References: <20070730225044.GA5981@janrain.com> <1185906016.5974.48.camel@localhost> <02FAcAHjO4rGFAPh@jblaptop.voidstar.com> Message-ID: <1185937279.5974.50.camel@localhost> On Tue, 2007-07-31 at 19:46 +0100, Julian Bond wrote: > So is there any documentation yet about the Attribute Exchange > Extension? http://openid.net/specs/openid-attribute-exchange-1_0-05.html From kevin at janrain.com Tue Jul 31 21:18:15 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 31 Jul 2007 21:18:15 -0700 Subject: ruby/openid-2.0: test/message.rb fails In-Reply-To: <46A80957.7090107@ruby-lang.org> References: <46A80957.7090107@ruby-lang.org> Message-ID: <1185941895.5974.55.camel@localhost> On Thu, 2007-07-26 at 11:39 +0900, Shugo Maeda wrote: > Hi, > > test/message.rb fails on ruby/openid-2.0. > I've attached a patch to fix it. Thank you for the patches, they have now been applied. -- keturn on https://pibb.com/go/openiddevelopment and irc.freenode.net#openid