ParameterList.createFromKeyValueForm fails on blank lines

[GoogleCodeExporter]

I tested openid4java with the newly releases OpenID provider orange
(openid.orange.fr).

The content returned by Orange when verifying an auth is:

\r\n\r\nis_valid:true\n

and this makes ParameterList.createFromKeyValueForm choke as it does not
ignore the blank lines and looks for ':' in them.

A quick fix would be to add '\r' to the list of delimiters and check if the
token size is 0 before looking for ':'.

Original issue reported on code.google.com by Mathias....@gmail.com on 26 Sep 2007 at 3:54

[GoogleCodeExporter]

Mathias,

The specification is quite strict about the key-value form:

"A message in Key-Value form is a sequence of lines. Each line begins with a 
key, 
followed by a colon, and the value associated with the key."

"A key or value MUST NOT contain a newline and a key also MUST NOT contain a 
colon."

"Additional characters, including whitespace, MUST NOT be added before or after 
the 
colon or newline. The message MUST be encoded in UTF-8 to produce a byte 
string."

http://openid.net/specs/openid-authentication-2_0-12.html#anchor4

If you are an Orange client it may help if you pointed this out to them.

Otherwise, if a workaround is desired for this it should be done at the 
application 
level, not in the library (i.e. sanitize the response message before passing it 
to 
the library).

Hope this helps.
Johnny

Original comment by Johnny.B...@gmail.com on 26 Sep 2007 at 5:35

[GoogleCodeExporter]

Thanks for pointing out the specific spec part. I forwarded the issue concerning
their response to Orange.

Original comment by Mathias....@gmail.com on 26 Sep 2007 at 7:22

[GoogleCodeExporter]

Original comment by Johnny.B...@gmail.com on 11 Oct 2007 at 4:45

• Changed state: Invalid