Rails 2.0 w/ OpenID
Brian Cardarella
bcardarella at gmail.com
Mon Jan 14 10:00:10 PST 2008
I've come across an issue when trying to adapt the ServerController
from the example to a Rails 2.0 (specifically 2.0.2) project. The
issue is with how Rails 2.0 handles sessions.
When the RP talks to the Server a default Rails 2.0 setup is expecting
an AuthenticityToken consistent with the project's setup. Unless this
token is properly provided OpenID will fail. (sometimes with a
"missing endpoint"... sometimes with Error: 422)
To get around this add the following to the ServerController:
protect_from_forgery :except => [:index, :decision]
This will tell the server to not expect an AuthenticityToken for those
methods. However, this might also stop those methods from having
access to the session... haven't tested that yet.
Now, if you are just connecting the Consumer to the Server in the same
project of Rails 2.0 you won't have this issue. It happens when you
are trying to have two separate projects (thus having 2 different
authenticity tokens) talk to one another.
I hope this helps anybody that's run into this issue....
- Brian
More information about the Dev
mailing list