开发者

AOL OpenID response too long

I've written an application using the DotNetOpenAuth library, which allows users to authenticate against a numbe开发者_运维技巧r of OpenID providers. All of them work fine except for AOL, which for one reason or another creates a return URL that is over 2200 characters long, a length that exceeds the maximum URL length (2048) for most browsers.

Has anyone experienced this? Is there a way to limit the number of parameters (in particular, the dnoa-specific parameters) being passed through to the provider?

The real problem is the "openid.return_to" parameter, which is a duplicate of the entire URL, but that's a problem with OpenID spec and consequently can't be easily rectified.

Thank you for the assistance, Garrett


The currently deployed AOL OpenID provider does not support the HTTP POST redirect method. A new version of the AOL OpenID provider that also supports OpenID 2.0 will be deployed in the next couple of weeks. However, in the mean time, it should be possible to use SREG and only ask for the attributes you need. I've successfully tested the SREG path with http://test-id.org and the SREG test.


You can pass in your own return_to value to DotNetOpenAuth. And if you don't pass in callback arguments that need to be signed, you shouldn't see too many dnoa.-prefixed parameters tacked onto that. If you're seeing more than you think is reasonable, attach the logs to your question and we can evaluate that.

In short though, AOL should probably be using HTTP POST instead of a 301 Redirect in this scenario.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜