When you are logging in a user using OpenID, do you perform any validation on the OpenID URI (or identifier)? Or do you just let the library handle it (like DotNetOpenAuth).
From stackoverflow
-
DotNetOpenAuth handles all validation. Web sites that add validation are likely to needlessly break some OpenIDs (for example, when XRI support was added, those don't look like URLs, and a web site that tried to make it look like a URL would break XRIs).
0 comments:
Post a Comment