response

1 files changed, 20 insertions, 0 deletions

diff --git a/doc/index/openid/discussion.mdwn b/doc/index/openid/discussion.mdwn
index ae614e5ac..d692bf011 100644
--- a/doc/index/openid/discussion.mdwn
+++ b/doc/index/openid/discussion.mdwn
@@ -26,4 +26,24 @@ do=postsignin&oic.time=1238224497-1450566d93097caa707f&openid.assoc_handle=%7BHM
 
 The `return_to` arg should NOT be `signed`, it should be the originating URL where you initially logged in.
 
+> I think you're confusing 'openid.return_to' with 'return_to'. The
+> former is present above, and is, indeed, the originating url, the latter
+> is part of the *value* of the 'openid.signed' parameter generated by myopenid.com. --[[Joey]] 
+
 Also, I dunno what the assoc_handle is doing spitting out an arg like `{HMAC-SHA1}{49cdce76}{BhuXXw%3D%3D}` it should be processed further. I have the needed perl packages installed (latest for Lenny). Hrm, would endianness matter?
+
+> Again, this value is created by the openid server, not by ikiwiki.
+> I see the same HMAC-SHA1 when using myopenid, and completly different
+> things for other openid servers. (Ie, when using livejournal as an openid server,
+> `openid.assoc_handle=1239305290:STLS.QiU6zTZ6w2bM3ttRkdaa:e68f91b751`)
+> 
+> I'm fairly sure that is all a red herring.
+> 
+> So, when I was talking about reproducing the bug, I was thinking perhaps you could tell me what openid server you're using,
+> etc, so I can actually see the bug with my own eyes.
+>
+> The sanitised url parameters you've provided are not generated by ikiwiki at all.
+> They don't even seem to be generated by the underlying [[!cpan Net::OpenID]] library.
+> I'm pretty sure that what you're showing me is the url myopenid redirects
+> the browser to after successfully signing in. At that point, ikiwiki
+> should complete the signin. What fails at this point? How can I reproduce this failure? --[[Joey]]