[cl-openid-ticket] Re: #12: openid.return_to verification based on realm, relying party discovery
cl-openid
cl-openid-devel at common-lisp.net
Fri Aug 15 11:43:02 UTC 2008
#12: openid.return_to verification based on realm, relying party discovery
---------------------------+------------------------------------------------
Reporter: mpasternacki | Owner: mpasternacki
Type: task | Status: assigned
Priority: major | Milestone: HTTP client portability
Component: code | Version: 0.5 nonportable
Resolution: | Keywords:
---------------------------+------------------------------------------------
Changes (by mpasternacki):
* status: new => assigned
Old description:
> [http://openid.net/specs/openid-authentication-2_0.html#realms 9.2.1.
> Using the Realm for Return URL Verification]
> [http://openid.net/specs/openid-authentication-2_0.html#rp_discovery 13.
> Discovering OpenID Relying Parties]
>
> Still unimplemented in OP.
New description:
[http://openid.net/specs/openid-authentication-2_0.html#realms 9.2.
Realms]
When present, the "openid.return_to" URL MUST match the
"openid.realm", or the OP MUST return an indirect error response (Indirect
Error Responses).
Comment:
RP discovery opened as a new bug, leave only return_to matching against
the realm here.
--
Ticket URL: <http://trac.common-lisp.net/cl-openid/ticket/12>
cl-openid <http://common-lisp.net/project/cl-openid>
cl-openid
More information about the cl-openid-ticket
mailing list