check_authentication mode is weird
Brad Fitzpatrick
brad at danga.com
Tue Jun 14 07:24:21 PDT 2005
I implemented the check_authentication mode (the one for dumb consumers
that can't do caching or sha1, etc) but found it a little weird:

   -- you're sending a bunch of params to the server in a request
      but they look/feel like response parameters

   -- there are just a ton of parameters

   -- the signed attribute you send back will include "mode", but
      the openid.mode in the token_contents isn't present, so
      the server can only assume the mode is "id_res". so I had to do:

        my $signed = $self->pargs("openid.signed") || "";
        my $token = "";
        foreach my $param (split(/,/, $signed)) {
            ...
            my $val = $param eq "mode" ? "id_res" : $self->pargs("openid.$param");
            ...
            $token .= "$param:$val\n";
        }

See the special exception for mode? Gross. It also means we can't have a
signature checking mode in the future for non-"id_res" modes.

Options:

   1) don't care. (easiest for dumb consumers) and then we just
      add a new check mode in the future if we need it.

   2) care, somehow. (probably not worth it?) I was thinking of
      maybe making a generic "check_sig" mode where consumer just
      sends "assoc_handle", "token", and "sig", and server just
      responds "yes" or "no", but that requires consumers making
      the token, concatenating it all.

Just wanted to note this, if anybody cares. I'd like to hear some "who
cares" responses too if you actually don't care.

- Brad
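
Added example, not part of the original message or of any OpenID implementation: a Python sketch of the server-side check described above, showing why the rebuilt token only verifies when "mode" is forced to "id_res", next to the generic "check_sig" variant from option 2. The HMAC-SHA1/base64 signature scheme, the association store, the "identity" field and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed association store: handle -> shared secret.
ASSOCIATIONS = {"handle-1": b"constructed-secret"}


def sign(secret, token):
    # HMAC-SHA1 over the token, base64-encoded (assumed signature scheme).
    mac = hmac.new(secret, token.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(mac)


def build_token(args, mode_override=None):
    # Rebuild the "param:val" lines in the order listed in openid.signed.
    lines = []
    for param in filter(None, args.get("openid.signed", "").split(",")):
        val = args.get("openid." + param)
        if param == "mode" and mode_override is not None:
            val = mode_override  # the special case from the message
        if val is None or "\n" in val or ":" in param:
            return None  # missing field or ambiguous framing: refuse to verify
        lines.append(f"{param}:{val}\n")
    return "".join(lines) or None


def check_sig(assoc_handle, token, sig):
    # Option 2: the consumer sends the finished token; the answer is yes or no.
    secret = ASSOCIATIONS.get(assoc_handle)
    if secret is None or token is None:
        return False
    return hmac.compare_digest(sign(secret, token), sig.encode("utf-8"))


def check_authentication(args, mode_override="id_res"):
    # The mode as described: the server rebuilds the token from the request.
    return check_sig(args.get("openid.assoc_handle"),
                     build_token(args, mode_override), args.get("openid.sig", ""))


# Constructed data: the originally signed token and the forwarded request.
SIGNED_TOKEN = "mode:id_res\nidentity:http://user.example/\n"
REQUEST = {
    "openid.mode": "check_authentication", "openid.assoc_handle": "handle-1",
    "openid.signed": "mode,identity",
    "openid.identity": "http://user.example/",
    "openid.sig": sign(ASSOCIATIONS["handle-1"], SIGNED_TOKEN).decode("ascii"),
}
```

Calling check_authentication(REQUEST, mode_override=None) uses the request's own openid.mode and fails to verify, which is the mismatch the special case works around.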