LiveJournal consumer seems to fail with encoded urls

Adam Langley alangley at
Thu Jul 7 15:21:48 PDT 2005

On 7/7/05, Brad Fitzpatrick <brad at> wrote:
> Ick --- be sure you sign more than just issued!  You'll want to sign
> "return_to" and other things.  See what Net::OpenID::Server does.
> I was able to login to my local LJ install by slighly altering that URL,
> since the signature still matched (with your ruby server's
> check_authentication)

Ah, thank you. That's a very good point. Looking at the spec the
suggested list is:

But can a stateless server sign 'mode'? Since a signature from both
checkid_immediate and checkid_setup can be passed to
check_authentication, yet the openid.mode for check_authentication
isn't preserved.



Adam Langley                                      agl at                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60

More information about the yadis mailing list