LiveJournal consumer seems to fail with encoded urls
brad at danga.com
Thu Jul 7 14:47:13 PDT 2005
On Thu, 7 Jul 2005, Adam Langley wrote:
> OpenID seemed to be a good excuse to try out Ruby on Rails. 24 hours
> later and I have a working server (will be live sometime soon).
> But in my travels it seems that LJ fails if elements in the redirect
> (specifically, return_to) are URL encoded.
Not exactly true. What actually happened was that LJ's openid login page
checked that the value of openid.return_to was EXACTLY
"http://www.livejournal.com/openid/login.bml" and forgot that
Net::OpenID::Consumer adds some of its own state to it. So I changed it
to a prefix match, as talkpost (for leaving comments on LJ) already did.
The fact that not encoding it made it work for you is because in that
case, the ? wasn't encoded, so LJ split on it, and everything else was
But LJ decodes the %xx fine. Net::OpenID::* never gets near that.
> Here's an example of a redirect which causes LJ to say "invalid return_to"
Ick --- be sure you sign more than just issued! You'll want to sign
"return_to" and other things. See what Net::OpenID::Server does.
I was able to login to my local LJ install by slighly altering that URL,
since the signature still matched (with your ruby server's
More information about the yadis