Re: Anyone have shareable code built with Net::OpenID::Server?

I have gotten it to work before, but it later broke again.

I was particularly unwilling to live without sreg and sent this patch to Brad Fitzpatrick many times. He doesn't respond or use it, but the last time I tried it worked with his april 2007 0.11 version also.

I know that I have gotten it to work in both 0.10 and 0.11, and the secret is to just stick with it. It takes some patience to get working. I can share a test consumer with you if you need it — and you're welcome to test against the login on my site all day and all night. While I was writing that I noticed that openid and noscript don't work well together. Make sure that's disabled while test.

In any case, if you do get something working, I encourage you to post it as a meditation or a code snippet or whatever.

-Paul

Comment on Re: Anyone have shareable code built with Net::OpenID::Server?

Replies are listed 'Best First'.
Re^2: Anyone have shareable code built with Net::OpenID::Server? by Anonymous Monk on Sep 12, 2007 at 14:34 UTC
Thanks. That was a good hint. He upgraded the security around then to invalidate check_authentication requests in stateless mode. I think my bug is because the consumer is saying is keeping state but I'm running the provider as stateless so the check_auth phase always fails; but that's just a guess right now. I'm not sure how to get around it yet. I'm either going to try to create my own assoc_handle to hand off to the server or roll back the version to the lesser security until I can figure out how to add state correctly. I also applied your patch to my local version. Going forward, if you ever do, I think registering the namespace, like "sreg," with the server so it can autogenerate the check/add/param-pass stuff would work more generically for any OpenID extension. If I get this working and clean/secure enough to not be embarrassing, I'll post something.	[reply]
Re^3: Anyone have shareable code built with Net::OpenID::Server? by jettero (Monsignor) on Sep 12, 2007 at 14:55 UTC
I considered an extension, but I couldn't think of a way to insert the param signings into that function without basically re-writing it in my "extension" module. It's a weirdly specialized need anyway, so linking to the patch is probably enough for now. -Paul	[reply]