Age | Commit message (Collapse) | Author | Files | Lines |
|
IIRC, previously, livejournal.com supplied empty op_endpoint URL. Now it
doesn't supply it at all. Dunno which breakage is better.
Signed-off-by: Michael Krelin <hacker@klever.net>
|
|
just don't treat those who supply empty op_endpoint as OpenID 2.0 providers
Signed-off-by: Michael Krelin <hacker@klever.net>
|
|
Thanks to Jim Downing for spotting it!
Signed-off-by: Michael Krelin <hacker@klever.net>
|
|
Signed-off-by: Michael Krelin <hacker@klever.net>
|
|
Signed-off-by: Michael Krelin <hacker@klever.net>
|
|
Signed-off-by: Michael Krelin <hacker@klever.net>
|
|
* changed {checkid,id_res}_hook to {rp,op}_{checkid,id_res}_hook
* deprecated older hooks, although implemented it in sreg and chain extensions
* added extension processing to basic_op
* added sreg to test OP
Signed-off-by: Michael Krelin <hacker@klever.net>
|
|
generatlized checkauth_message_proxy and added it to util namespace. To be
later used for constructing setup url in 1.0 checkid_immediate reply.
Signed-off-by: Michael Krelin <hacker@klever.net>
|
|
Reject associate replies returning secret of inconsistent with association type
length. This way severely broken OPs which return SHA1 association as SHA256
will still work in dumb mode.
Signed-off-by: Michael Krelin <hacker@klever.net>
|
|
Signed-off-by: Michael Krelin <hacker@klever.net>
|