Issue 52: Response validation fails with MyOpenId
Status: New
Owner: ----
Reported by kAlvaro, Oct 26, 2011
When using myopenid.com as provider, the response validation performed by LightOpenID will fail under certain conditions.

It seems to fail when I request the "namePerson" attribute and the value sent by the server contains a non-ASCII character (such as "Á"). However, it only happens for certain attribute combinations, e.g.:

$openid->optional = array(
	'contact/email',
	'namePerson/friendly',
	'namePerson',
	'person/gender',
	'contact/country/home',
	'pref/language',
	'pref/timezone',
	'media/image/default',
	'media/image/aspect11',
	'media/image/aspect43',
	'media/image/aspect34',
	'media/image/favicon',
);

My consumer site is using UTF-8 all around and so is MyOpenID.

Testing with "Á" (a 2-byte UTF-8 string), I've checked that at LightOpenID::validate(), right before $this->request(...), the $params['openid.sreg.fullname'] variable contains 4 bytes instead of 2. So it's normal that validation fails.

I'm not sure about how to check at which point the full name gets mangled. In the final POST request, $_POST['openid_sreg_fullname'] is already corrupted: string(4) "Á"

Other providers like Yahoo don't show such a problem.
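
Added example, not part of the original report and not LightOpenID code: it shows why a 2-byte value that arrives as 4 bytes can no longer match the provider's signature, and includes a diagnostic check for that condition. It assumes the corruption is UTF-8 bytes being read as ISO-8859-1 and encoded to UTF-8 again, and it recomputes an HMAC-SHA256 signature locally as a stand-in for the provider's check; the secret, e-mail address, field list and function names are constructed.

```php
<?php
// Added example. The secret, e-mail address and signed-field list are constructed.
$secret = 'constructed-association-secret';
$signed = ['openid.sreg.email', 'openid.sreg.fullname'];

// OpenID key-value form: one "key:value\n" line per signed field, "openid." prefix removed.
function kvForm(array $params, array $signed): string {
    $out = '';
    foreach ($signed as $key) {
        $out .= substr($key, strlen('openid.')) . ':' . $params[$key] . "\n";
    }
    return $out;
}

function sign(array $params, array $signed, string $secret): string {
    return base64_encode(hash_hmac('sha256', kvForm($params, $signed), $secret, true));
}

// Heuristic: undoing one UTF-8 -> ISO-8859-1 step on a double-encoded value
// yields a string that is still valid UTF-8 and still has non-ASCII bytes.
function looksDoubleEncoded(string $value): bool {
    if (!mb_check_encoding($value, 'UTF-8')) {
        return false;
    }
    $once = mb_convert_encoding($value, 'ISO-8859-1', 'UTF-8');
    return preg_match('/[\x80-\xFF]/', $once) === 1 && mb_check_encoding($once, 'UTF-8');
}

// What the provider signs: "Á" as the 2-byte UTF-8 sequence C3 81.
$sent = ['openid.sreg.email' => 'user@example.test', 'openid.sreg.fullname' => "\xC3\x81"];
$signature = sign($sent, $signed, $secret);

// Assumed corruption: the bytes are read as ISO-8859-1 and encoded to UTF-8 a second time.
$received = $sent;
$received['openid.sreg.fullname'] = mb_convert_encoding("\xC3\x81", 'UTF-8', 'ISO-8859-1');

foreach (['sent' => $sent, 'received' => $received] as $label => $params) {
    $name = $params['openid.sreg.fullname'];
    printf(
        "%-8s bytes=%d hex=%s double_encoded=%s signature_ok=%s\n",
        $label,
        strlen($name),
        bin2hex($name),
        var_export(looksDoubleEncoded($name), true),
        var_export(hash_equals($signature, sign($params, $signed, $secret)), true)
    );
}
```

The check is a heuristic: a name that legitimately contains a sequence such as "Ã" followed by a Latin-1 character would also be flagged, so it is a debugging aid rather than something to apply before verification.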




Oct 26, 2011
#1 kAlvaro
Sorry, it's possibly a duplicate of bug #47, but I didn't see it because I only searched open bugs.