[cl-openid-devel] What happens after verification?
Maciek Pasternacki
maciej at pasternacki.net
Sun Jul 20 16:15:01 UTC 2008
On Sun, 2008-07-20 at 18:12 +0200, Maciek Pasternacki wrote:
> > when I say:
> >
> > (initiate-authorization "http://skypher.myopenid.com/"
> > "http://handler.tld/path"
> > "http://realm.tld/"
> > :immediate-p t)
> >
> > the redirect will return to http://handler.tld/IDx. How am I
> > supposed to catch this? I'd rather be redirected to the full
> > URI I specified and then pick up GET parameters or something.
>
>
> Use trailing slash:
> (initiate-authorization "http://skypher.myopenid.com/"
> "http://handler.tld/path/"
> "http://realm.tld/"
> :immediate-p t)
>
> This way, you'll get redirected to http://handler.tld/path/IDx -- that's
> how PURI:MERGE-URIS work. You are supposed to handle whole hierarchy
> under http://handler.tld/path/, and to pass IDx as POSTFIX parameter to
> HANDLE-OPENID-REQUEST, or get the ID by postfix as this function does:
>
> (handle-indirect-reply parameters (gethash (intern postfix :cl-openid.ids) *ids*))
>
> The GETHASH part will be eventually its own, exported function.
Update (I forgot to add this): I used URI postfix instead of GET
parameters because OpenID spec is not clear on how the OPs should treat
existing GET parameters in incoming "openid.return_to" fields. The GET
parameters might get lost or mangled, and the postfix is part of URI
path, so it will stay untouched.
--
-><- Maciej 'japhy' Pasternacki -><- http://www.pasternacki.net/ -><-
More information about the cl-openid-devel
mailing list