Re^2: Anyone have shareable code built with Net::OpenID::Server?

Thanks. That was a good hint. He upgraded the security around then to invalidate check_authentication requests in stateless mode. I *think* my bug is because the consumer is saying is keeping state but I'm running the provider as stateless so the check_auth phase always fails; but that's just a guess right now. I'm not sure how to get around it yet. I'm either going to try to create my own assoc_handle to hand off to the server or roll back the version to the lesser security until I can figure out how to add state correctly. I also applied your patch to my local version. Going forward, if you ever do, I think registering the namespace, like "sreg," with the server so it can autogenerate the check/add/param-pass stuff would work more generically for any OpenID extension. If I get this working and clean/secure enough to not be embarrassing, I'll post something.

Comment on Re^2: Anyone have shareable code built with Net::OpenID::Server?

Replies are listed 'Best First'.
Re^3: Anyone have shareable code built with Net::OpenID::Server? by jettero (Monsignor) on Sep 12, 2007 at 14:55 UTC
I considered an extension, but I couldn't think of a way to insert the param signings into that function without basically re-writing it in my "extension" module. It's a weirdly specialized need anyway, so linking to the patch is probably enough for now. -Paul	[reply]