Another dumb-mode PHP consumer demo

Taral taralx at gmail.com
Mon Jul 18 20:27:49 PDT 2005


On 7/18/05, Alan J Castonguay <codepoetica at gmail.com> wrote:
> In particular, should the consumer ever be running a
> base64(hmac(secret,data)) call, or just handing the data verbatim back
> to the OpenID server? I am currently doing the former, but I'm afraid
> I have little understanding of why.

One or the other, not both.

Either you have the secret, and can do base64(hmac(...)) to check the
proof yourself, or you don't, and post back to the server to
check_authentication.

-- 
Taral <taralx at gmail.com>
"Computer science is no more about computers than astronomy is about
telescopes."
    -- Edsger Dijkstra


More information about the yadis mailing list