When you are logging in a user using OpenID, do you perform any validation on the OpenID URI (or identifier)? Or do you just let the library handle it (like DotNetOpenAuth).
Asked
Active
Viewed 236 times
0
Andrew Arnott
- 80,040
- 26
- 132
- 171
Pablo Fernandez
- 279,434
- 135
- 377
- 622
-
Hey Pablo, if you like my answer, can you check it off as the accepted answer? – Andrew Arnott Aug 12 '09 at 06:22
1 Answers
5
DotNetOpenAuth handles all validation. Web sites that add validation are likely to needlessly break some OpenIDs (for example, when XRI support was added, those don't look like URLs, and a web site that tried to make it look like a URL would break XRIs).
Andrew Arnott
- 80,040
- 26
- 132
- 171