How is an OpenID client supposed to view an OpenID delegate?

I just noticed that stackoverflow had problems with my OpenID delegate, and I noticed that this was because my site did not use the <html> and <head> sections.

Now, although it's valid HTML, the question is whether it is valid for finding OpenID delegates. The official materials that I could find on the website simply speak of the “head section” of the HTML document, which, however, is implicit per the HTML 4 / 5 standards.

I am now wondering whether the error is in how I declared the delegate or in Stack Overflow's OpenID implementation.

Broken version:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
    <title>Index &raquo; Armin Ronacher</title>
    <link rel="openid.server" href="http://www.myopenid.com/server">
    <link rel="openid.delegate" href="http://mitsuhiko.myopenid.com/">
    <meta content="Zine" name="generator">
    <!-- more link/meta stuff here -->
    <!-- page contents here -->
    <div class="header">

Working version:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
    <html>
    <head>
    <title>Index &raquo; Armin Ronacher</title>
    <link rel="openid.server" href="http://www.myopenid.com/server">
    <link rel="openid.delegate" href="http://mitsuhiko.myopenid.com/">
    <meta content="Zine" name="generator">
    <!-- more link/meta stuff here -->
    </head>
    <!-- page contents here -->
    <div class="header">
    <!-- at the very end of the page -->
    </html>
+4
4 answers

I think the HTML page is supposed to have a HEAD tag. Most of them do, even if it is not strictly required by some standards.

However, the OpenID standard appears to require its tags to be placed in the HEAD tag. Do other sites discover your OpenID if it is not in HEAD?

+1

The error is in your HTML page declaring the delegate. HTML and HEAD tags should be around the delegate tag for a very good security reason. If this were not necessary, many web pages, such as wikis and blog pages, could have their identity grabbed by someone simply leaving a comment that included a specially crafted tag.

The "head section" referenced by OpenID is indeed the HEAD tag on an HTML page. Although I have not read the whole thing, I would be surprised if the HTML specification itself did not require the surrounding HTML tag and that all META tags be in the HEAD tag. In my opinion, the OpenID specification does not contain detailed information about all HTML requirements, since it is an OpenID specification, not an HTML one, but the "head section" is a reference to the HTML specification, just as it refers to many other specifications.

In conclusion, I believe that StackOverflow.com is doing everything right.

+1
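
The head-only rule from the answer above, sketched as relying-party discovery logic. This is an added example, not Stack Overflow's or any OpenID library's code: the class and function names, the strict "explicit html and head" policy and the constructed third sample page are assumptions, and the first two samples are the question's pages, shortened.

```python
from html.parser import HTMLParser

OPENID_RELS = {"openid.server", "openid.delegate"}
# Elements that may appear in a head; any other start tag means body content.
HEAD_CONTENT = {"title", "base", "link", "meta", "style", "script", "noscript"}

class HeadOnlyDiscovery(HTMLParser):
    """Hypothetical strict policy: trust openid.* links only in an explicit <html><head>."""
    def __init__(self):
        super().__init__()
        self.in_html = self.in_head = self.done = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if self.done:
            return
        if tag == "html":
            self.in_html = True
        elif tag == "head" and self.in_html:
            self.in_head = True
        elif tag not in HEAD_CONTENT:
            self.done = True  # body has begun; later tags are never trusted
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            # rel is a space-separated, case-insensitive token list
            for rel in (a.get("rel") or "").lower().split():
                if rel in OPENID_RELS and a.get("href"):
                    self.found.setdefault(rel, a["href"])

    def handle_endtag(self, tag):
        if tag == "head":
            self.done = True  # only the first head section counts

def discover(page):
    parser = HeadOnlyDiscovery()
    parser.feed(page)
    parser.close()
    return parser.found

LINKS = ('<link rel="openid.server" href="http://www.myopenid.com/server">'
         '<link rel="openid.delegate" href="http://mitsuhiko.myopenid.com/">')
# The question's two pages, shortened.
BROKEN = "<title>Index</title>" + LINKS + '<div class="header">'
WORKING = "<html><head><title>Index</title>" + LINKS + '</head><div class="header"></html>'
# Constructed sample: a wiki page whose body carries a visitor-supplied tag.
COMMENTED = ("<html><head><title>Wiki</title></head><body><p>A comment</p>"
             '<link rel="openid.delegate" href="http://visitor.example/"></body></html>')
if __name__ == "__main__":
    print(discover(BROKEN), discover(WORKING), discover(COMMENTED))
```

Only the working page yields a delegate; the page without `<html>`/`<head>` and the page with the tag in its body both yield nothing.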

I could only find on the website talk of the “head section” of an HTML document, which, however, is implicit per the HTML 4 / 5 standards.

Where did you find this? I looked through the standards and did not find any mention of the "head section" (it talks about the "head element"); the closest I came in a broader search is that most implementations do not require explicit <html> and <head> tags, but this was presented more as a case of generous acceptance of non-conforming documents than as part of the standard.

0

I found this solution on getopenid.com:

"If you have a blog or homepage that you want to use as OpenID, you don’t need to configure the server! Just copy the following into the head of your HTML or XHTML and use this URL.

    <link rel="openid.server" href="http://getopenid.com/action/authenticate/">
    <link rel="openid.delegate" href="http://getopenid.com/YOURIDENTITY/">

Please note that you cannot use secure subscribers with this URL unless you have your own SSL server. Sites will also see you as a different person than when you directly use your identity with GetOpenID.com."

I think you should replace getopenid.com with your OpenID provider and YOURIDENTITY with your OpenID.

0