- Feb 14, 2013
-
-
anarcat authored
- Nov 20, 2012
-
-
anarcat authored
-
- Nov 17, 2012
- Mar 20, 2012
-
-
anarcat authored
-
- Mar 13, 2012
-
-
anarcat authored
-
- Mar 08, 2012
-
-
anarcat authored
-
- Mar 07, 2012
-
-
anarcat authored
1441586 by David_Rothstein: properly sign nickname and email since we send them out in auth_response
-
- Feb 01, 2012
- Jan 31, 2012
-
-
anarcat authored
-
anarcat authored
-
anarcat authored
this invalidates shared associations in verification responses
-
anarcat authored
-
anarcat authored
to prompt the user
-
anarcat authored
requets this may make some authentication requests fail as we now validate association requests
-
anarcat authored
this completes the implementation of 10.1... i think :)
-
anarcat authored
Conflicts: openid_provider.inc
-
anarcat authored
-
anarcat authored
this is actually useful on D6 too, as we remove warnings
-
- Jan 30, 2012
-
-
anarcat authored
-
anarcat authored
-
anarcat authored
we add openid.ns fields in responses that were missing some and clarify error messages
-
anarcat authored
-
anarcat authored
-
anarcat authored
we try to association functions with standard items we notice a lot of functions that are not called anywhere or not implemented properly
-
anarcat authored
this is faster because we do not have to build this huge form and send it to the client. this works because we are setting the nonce properly now
-
anarcat authored
-
anarcat authored
-
anarcat authored
this will lead to undefined results on a lot of RP that do not tolerate well duplicate data between POST and GET. Perl's CGI module is one of those. this commit therefore completely fixes logins with ikiwiki (#1158356). section 9.1 states that "Note: The return_to URL MAY be used as a mechanism for the Relying Party to attach context about the authentication request to the authentication response." I am interpreting this as "the OP SHOULD disregard the context within the return_to URL". with this commit, all RP I could test (Redmine, Ikiwiki, Stackoverflow and Drupal 6) work without a flaw, with HTTP or form redirection. I stay with form redirection for now to not mix things but this can be optimized later.
-
anarcat authored
this is a procedure from the standard (section 10) that was missing from our implementation to implement this, we refactor the association creation in a separate function that is now used in the authentication response this partly fixes logins with ikiwiki's Perl modules (#1158356), but will probably make the implementation private associations (#506530) easier.
-
- Jan 28, 2012
-
-
anarcat authored
we do this by cleaning up the generated form to make sure we only send data that ruby expects.
-
anarcat authored
for some reason we were adding stuff to the response here, this should be done outside of the function, and we now do so in openid_provider_unsolicited_assertion()
-
anarcat authored
-