LiveJournal consumer seems to fail with encoded urls

Brad Fitzpatrick brad at
Thu Jul 7 14:47:13 PDT 2005

On Thu, 7 Jul 2005, Adam Langley wrote:

> OpenID seemed to be a good excuse to try out Ruby on Rails. 24 hours
> later and I have a working server (will be live sometime soon).


> But in my travels it seems that LJ fails if elements in the redirect
> (specifically, return_to) are URL encoded.

Not exactly true.  What actually happened was that LJ's openid login page
checked that the value of openid.return_to was EXACTLY
"" and forgot that
Net::OpenID::Consumer adds some of its own state to it.  So I changed it
to a prefix match, as talkpost (for leaving comments on LJ) already did.

The fact that not encoding it made it work for you is because in that
case, the ? wasn't encoded, so LJ split on it, and everything else was

But LJ decodes the %xx fine.  Net::OpenID::* never gets near that.

> Here's an example of a redirect which causes LJ to say "invalid return_to"

Ick --- be sure you sign more than just issued!  You'll want to sign
"return_to" and other things.  See what Net::OpenID::Server does.

I was able to login to my local LJ install by slighly altering that URL,
since the signature still matched (with your ruby server's

- Brad

More information about the yadis mailing list