Greg,<br><br>If the URLs you included are really copied straight out of the browser URL bar, then your OP is failing to URL encode the parameters at all, it seems. For instance: "http://" should <i>never</i> show up in the query string. Instead it should be encoded as "http%3a%2f%2f" on the URL so that the receiving server can decode the URL and get "http://" back. Yes, your assoc_handle value is especially full of these special characters that should be encoded, and the & it includes is just one of them, and a good example of why encoding is so necessary.<br>
<br>Now on the note you were originally bringing up, I believe the Janrain libraries store the return_to URL value that they are expecting in a session variable, so that if the OP doesn't send back the same return_to URL parameter it fires an error (that's beyond the scope of the spec, but anyway). If you encode your URL properly, Janrain will probably be able to read the correct return_to arg out of your URL and this may fix the problem you're seeing.<br clear="all">
<br>Andrew Arnott
<br><br><div class="gmail_quote">On Wed, Jun 11, 2008 at 9:01 AM, Greg Byrd <<a href="mailto:gbyrd@ncsu.edu">gbyrd@ncsu.edu</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
I've been using the PHP live RP demo to test an OP that I'm developing. (Thanks<br>
for providing this service, by the way!) I keep getting the following response<br>
from the RP:<br>
<br>
OpenID authentication failed: return_to does not match return URL. Expected<br>
<a href="http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php" target="_blank">http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php</a>,<br>
got<br>
<a href="http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15:46:12ZUS6f2P" target="_blank">http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15:46:12ZUS6f2P</a><br>
<br>
(Of course, the nonce changes each time.)<br>
<br>
Here's the redirect URL, copied from the Firefox navigator bar:<br>
<br>
<a href="http://openidenabled.com/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.signed=return_to,claimed_id,identity,op_endpoint,response_nonce,assoc_handle&openid.assoc_handle=0v%605e*g&0gy@LGP%210lNT7s%5Brq*%22C/%7B%29qX" target="_blank">http://openidenabled.com/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.signed=return_to,claimed_id,identity,op_endpoint,response_nonce,assoc_handle&openid.assoc_handle=0v%605e*g&0gy@LGP!0lNT7s[rq*%22C/{)qX</a>^5%2Oi$^%220=%60VuH;Od'QhNZ7aP;1j1(&openid.op_endpoint=<a href="http://gbyrd.ece.ncsu.edu:8080/TokenService/services/OpenID&openid.identity=gbyrd&openid.return_to=http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.claimed_id=http://www.cesr.ncsu.edu/gbyrd/&openid.sig=eMCGp32HPF6QlGSM10ssnmB7t0Y=&openid.mode=id_res&openid.response_nonce=2008-05-11T15:46:24ZUNIQUE" target="_blank">http://gbyrd.ece.ncsu.edu:8080/TokenService/services/OpenID&openid.identity=gbyrd&openid.return_to=http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.claimed_id=http://www.cesr.ncsu.edu/gbyrd/&openid.sig=eMCGp32HPF6QlGSM10ssnmB7t0Y=&openid.mode=id_res&openid.response_nonce=2008-05-11T15:46:24ZUNIQUE</a>^cGG,1%3EP$PB1r#_%}fF_A$;9]-CaS&openid.ns=<a href="http://specs.openid.net/auth/2.0" target="_blank">http://specs.openid.net/auth/2.0</a><br>
<br>
The janrain_nonce field is clearly there, along with the openid.* parameters.<br>
Am I formatting something incorrectly? (I just noticed that there's an<br>
ampersand ('&') in my assoc_handle. Could this be a problem? I ran the redirect<br>
URL string through an encoding routine.)<br>
<br>
<br>
...Greg Byrd, NC State Univ.<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Dev mailing list<br>
<a href="mailto:Dev@lists.openidenabled.com">Dev@lists.openidenabled.com</a><br>
<a href="http://lists.openidenabled.com/mailman/listinfo/dev" target="_blank">http://lists.openidenabled.com/mailman/listinfo/dev</a><br>
</blockquote></div><br>