search

freddybarco / google-app-engine-samples

Automatically exported from code.google.com/p/google-app-engine-samples
0 stars 0 forks source link

openid-provider.appspot.com advertises OP 2.0 support but only offers 1.x #23

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Visit http://nerdbank.org/rp
2. Log in as any identifier hosted by openid-provider.appspot.com.

What is the expected output? What do you see instead?
Expected login success.

Actual: login fails.

Visit http://nerdbank.org/rp/tracepage.aspx and inspect the logs.  Note how 
the Provider is sending all OpenID 1.0 messages although the identifier you 
logged in with advertises OpenID 2.0 support, which causes the identifier 
positive assertion failure.

Original issue reported on code.google.com by andrewar...@gmail.com on 13 Feb 2009 at 3:17

GoogleCodeExporter commented 8 years ago 
According to the OpenID 2.0 spec referenced below, it looks like no 2.0 RPs 
should 
ever allow positive assertions from this Provider because the discovered OpenID 
version is different from the OP endpoints actual supported version.
http://openid.net/specs/openid-authentication-2_0.html#verify_disco

Please consider this a high priority fix!

Original comment by andrewar...@gmail.com on 13 Feb 2009 at 3:43