[cl-openid-ticket] #9: Verifying the Return URL error

cl-openid cl-openid-devel at common-lisp.net
Sun Jul 20 17:30:43 UTC 2008


#9: Verifying the Return URL error
------------------------+---------------------------------------------------
 Reporter:  avodonosov  |       Owner:  mpasternacki           
     Type:  defect      |      Status:  new                    
 Priority:  major       |   Milestone:  HTTP client portability
Component:  code        |     Version:  0.5 nonportable        
 Keywords:              |  
------------------------+---------------------------------------------------
 OpenID authentication 2.0, 11.1. "Verifying the Return URL".

 The RP must verify that the URI of the "openid.return_to" parameter in the
 assertion matches the URI of the current request.

 But we verify this parameter against the "openid.return_to" passed to
 the OP during the authentication request.

 Note: puri:uri= compares URI queries literally, but we must ensure
 that 'Any query parameters that are present in the "openid.return_to" URL
 MUST also be present with the same values in the URL of the HTTP
 request the RP received.' (because the OP adds other parameters to
 the URI to form the assertion).

-- 
Ticket URL: <http://trac.common-lisp.net/cl-openid/ticket/9>
cl-openid <http://common-lisp.net/project/cl-openid>
cl-openid
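
The check the ticket asks for, as an added example (Python, not cl-openid's own Lisp code): the "openid.return_to" value is taken from the assertion and compared against the URL of the current request, with scheme, authority and path required to be equal and the return_to query parameters required to be a subset of the request's. The function names, the `rp.example` URLs and the default-port and empty-path normalization are assumptions of this sketch.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # assumption: treat ":443" like no port


def _base(url):
    """Scheme, authority and path, the parts that must be identical."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or DEFAULT_PORTS.get(scheme)  # p.port raises ValueError if malformed
    return scheme, p.username, p.password, (p.hostname or "").lower(), port, p.path or "/"


def _pairs(url):
    """Multiset of decoded (name, value) query pairs."""
    return Counter(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def return_to_matches(return_to, request_url):
    """True if request_url satisfies the return_to matching rule quoted in the ticket."""
    try:
        if _base(return_to) != _base(request_url):
            return False
    except ValueError:
        return False
    # Every return_to pair must appear in the request with the same value;
    # extra pairs in the request (the openid.* fields added by the OP) are allowed.
    return not (_pairs(return_to) - _pairs(request_url))


def verify_return_to(request_url):
    """Take openid.return_to from the assertion itself and check it against
    the URL of the request being processed, not against a stored copy."""
    values = [v for k, v in parse_qsl(urlsplit(request_url).query,
                                      keep_blank_values=True)
              if k == "openid.return_to"]
    return len(values) == 1 and return_to_matches(values[0], request_url)


# Constructed sample: the URL the RP sent as return_to, and the request it gets
# back once the OP has appended its own parameters.
RETURN_TO = "https://rp.example/openid/return?session=abc123"
SAMPLE_REQUEST = RETURN_TO + "&" + urlencode(
    {"openid.mode": "id_res", "openid.return_to": RETURN_TO})

if __name__ == "__main__":
    print("literal equality:", RETURN_TO == SAMPLE_REQUEST)
    print("subset match:    ", verify_return_to(SAMPLE_REQUEST))
```

A literal comparison of the two sample URLs fails because of the parameters the OP appended, which is the problem the ticket's note points at.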