Modify

Opened 8 years ago

Closed 7 years ago

#1355 closed enhancement (invalid)

Trailing URL for OpenID username required

Reported by: trevor@… Owned by: cygnus
Priority: normal Component: OpenidPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

When adding an OpenID user to a project via trac-admin the fully-qualified URL with the trailing slash must be used. I would be nice if more options were provided -

Currently required:

http://chunky_bacon.myopenid.net/

Suggested additional optional formats:

With http and without trailing slash

http://chunky_bacon.myopenid.net

Without http and without trailing slash

chunky_bacon.myopenid.net

Also note this comment by DHH at http://www.loudthinking.com/arc/000606.html#comments

"I think I'm backed out of the idea of using http:// anyway because it means that the user name can't be reused for other types of authentication, such as http authentication on feeds or API."

Attachments (0)

Change History (3)

comment:1 Changed 8 years ago by anonymous

  • Owner changed from cygnus to anonymous
  • Status changed from new to assigned

The reason that the full URL is required is because it needs to be compared to the normalized version of the OpenID authentication as per the OpenID specification. Therefore, the normalized URL must be stored and used for comparison. Normalization for URLs with no paths means http:// and trailing slash, minimally.

comment:2 Changed 8 years ago by cygnus

  • Owner changed from anonymous to cygnus
  • Status changed from assigned to new

DHH should stop calling it a username; that partially solves the http:// problem. At any rate, the scheme is vital; https:// and http:// URLs aren't equivalent, so the scheme needs to be preserved.

comment:3 Changed 7 years ago by dalius

  • Resolution set to invalid
  • Status changed from new to closed

I agree here with cygnus. You can't make assumptions here that http and https identifies same user (while it might be true for 99% cases). Trailing slash is not problem as well. At least with AuthOpenIdPlugin trailing slash is always added if it is domain level openid login (e.g. http://blog.sandbox.lt). If OpenID URL contains path elements trailing slash can't be eliminated because it can mean different things with slash and without it.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.