Martin Atkins (mart) wrote in apparentlymart,
Martin Atkins

Net-OpenID 2.0 Support

I've been working slowly on making Brad's Net::OpenID libraries for Perl support the 2.0 protocol. The consumer is now 95% there, though there are some remaining niggles including the fact that it doesn't currently work with Yahoo! because it fails to trim off the fragment part of the URL before doing the final verification sanity checks.

In the process of doing this I discovered that Yahoo!'s server implementation — the only implementation I know of that supports directed identity right now — will refuse to deal with relying parties that aren't running on port 80. My test RP runs on a random high port just because my port 80 is occupied by a real web server, but I had to do some proxy trickery to actually get Yahoo! to talk to me. I find this curious, since the OP never has to connect to the RP, so there's little reason to be fussy about the realm and return_to URLs.

The support in Net::OpenID::Server isn't even started yet. This is largely just because I've not got a satisfactory development/test environment for that set up yet.

You can watch progress on Six Apart's Trac instance for Net-OpenID if you are interested. There isn't really a mailing list for this stuff, sadly. The OpenID 2 development is going on in the "openid2" branch for now.


  • Moved to TypePad is now hosted on TypePad rather than LiveJournal. All of the old content remains over here in LiveJournal land, but those who are…

  • Moving the Goalposts

    In the few weeks since I published the first drafts of AtomActivity, ActivitySchema and friends several things have come about: FriendFeed is…

  • Activity Streams and Comment Aggregation

    One pain point that exists for activity streams right now is the dispersal of responses over various networks. When I post a blog entry like this…

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.