Arguments passed with openid.mode=id_res incomplete?
brad at danga.com
Thu Jun 16 01:33:35 PDT 2005
On Thu, 16 Jun 2005, Martin Atkins wrote:
> Grant Monroe wrote:
> > On 6/15/05, Martin Atkins <mart at degeneration.co.uk> wrote:
> >>The server must retrieve the document from the identity URL again to
> >>discover the identity server URL. This step is important because
> >>otherwise I could have my identity server assert your identity. This
> >>extra bit of hoop-jumping ensures that the identity URL does indeed
> >>declare a particular identity server as trusted.
> > If this is the case, then this extra request should probably be added
> > to the spec.
> (I'm guessing you intended your reply to go to the list)
> The extra request isn't necessarily required. Many more beefy consumers
> will no doubt store some tracking information and put some kind of token
> in the return URL so that they don't have to retrieve the identity URL a
> second time.
> However, you're right that there should be some words about the
> different options consumers have for this point in the transaction.
Or will cache the identity URL document, as Net::OpenID::Consumer does, if
you give it a $cache object.
More information about the yadis