Another dumb-mode PHP consumer demo

Taral taralx at
Mon Jul 18 20:27:49 PDT 2005

On 7/18/05, Alan J Castonguay <codepoetica at> wrote:
> In particular, should the consumer ever be running a
> base64(hmac(secret,data)) call, or just handing the data verbatim back
> to the OpenID server? I am currently doing the former, but I'm afraid
> I have little understanding of why.

One or the other, not both.

Either you have the secret, and can do base64(hmac(...)) to check the
proof yourself, or you don't, and post back to the server to

Taral <taralx at>
"Computer science is no more about computers than astronomy is about
    -- Edsger Dijkstra

More information about the yadis mailing list