I read the 2.0 spec to indicate that the assoc_type parameter is required. DotNetOpenAuth rejects associate requests that are missing this parameter.
-- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre 2011/6/24 Paul E. Jones <[email protected]> > VZ, > > In my implementation, I default to HMAC_SHA1 if it's 1.1, but I select no > default if its 2.0: > http://www.packetizer.com/security/openid/ > > I suspect that was my interpretation of the spec when I wrote the code. > > If the dh_* parameters are missing, I assume the defaults specified in the > spec. > > Paul > > > -----Original Message----- > > From: [email protected] [mailto:openid-specs- > > [email protected]] On Behalf Of Vlastimil Zíma > > Sent: Monday, June 06, 2011 11:30 AM > > To: [email protected] > > Subject: OpenID Authentication 2.0 spec clarification - does assoc_type > > have default value > > > > Hello, > > > > in OpenID specs 2.0 all request parameter are required unless opposite > > is said. Does it includes "openid.assoc_type" in association requests? > > It had default in specs 1.1, but it does not have one now. > > > > What is proper response to request without assoc_type? > > > > Parameters "openid.dh_modulus" and "openid.dh_gen" are not marked as > > optional as well, but they have default values mentioned in > > specification. > > > > Can someone clarify this, please? > > > > VZ > > > > _______________________________________________ > > specs mailing list > > [email protected] > > http://lists.openid.net/mailman/listinfo/openid-specs > > _______________________________________________ > specs mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-specs >
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
