search

AlexKovic / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0
0 stars 0 forks source link

Discovery of "OpenID.Live-INT.com" fails when parsing the Windows Live ID xrds #86

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Discover "OpenID.Live-INT.com"

What is the expected output? What do you see instead?

I would like the endpoint to be correctly discovered. Instead I get this
exception:

org.openid4java.discovery.DiscoveryException: 0x500: Claimed ID must be
present if delegated ID is used.
        at
org.openid4java.discovery.DiscoveryInformation.<init>(DiscoveryInformation.java:
105)

The XRDS is here:

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0"
         xmlns="xri://$xrd*($v*2.0)">
    <XRD>
        <Service priority="0">
            <Type>http://specs.openid.net/auth/2.0/server</Type>
            <URI>https://openid.live-int.com/OpenIDAuth.srf</URI>
            <LocalID>http://specs.openid.net/auth/2.0/identifier_select</LocalID>
        </Service>
    </XRD>
</xrds:XRDS>

I guess if the LocalID ==
http://specs.openid.net/auth/2.0/identifier_select it's legal not to send a
Claimed ID? The other consumers I've tried work with this XRDS.

Original issue reported on code.google.com by andrefcruz on 20 Feb 2009 at 6:31

GoogleCodeExporter commented 8 years ago 
diff --git a/src/org/openid4java/discovery/DiscoveryInformation.java
b/src/org/openid4java/discovery/DiscoveryInformation.java
index f79fbc9..dfda6b0 100644
--- a/src/org/openid4java/discovery/DiscoveryInformation.java
+++ b/src/org/openid4java/discovery/DiscoveryInformation.java
@@ -4,6 +4,8 @@

 package org.openid4java.discovery;

+import org.openid4java.message.AuthRequest;
+
 import java.net.URL;
 import java.io.Serializable;
 import java.util.Set;
@@ -101,7 +103,7 @@ public class DiscoveryInformation implements Serializable
         if (_opEndpoint == null)
             throw new DiscoveryException("Null OpenID Provider endpoint.");

-        if (_delegate != null && _claimedIdentifier == null)
+        if (_delegate != null && ! AuthRequest.SELECT_ID.equals(_delegate) &&
_claimedIdentifier == null)
             throw new DiscoveryException("Claimed ID must be present " +
                     "if delegated ID is used.");
     }

Original comment by andrefcruz on 23 Feb 2009 at 10:37

GoogleCodeExporter commented 8 years ago 
Re-reading the discovery section of the spec reveals that there is no 
requirement 
for the delegate ID to be absent under any circumstances -- just that a special 
value is used when an OP identifier is discovered.

Updated accordingly, fixed in rev565.

Original comment by Johnny.B...@gmail.com on 26 Feb 2009 at 8:16