views:

58

answers:

1

Evening all.

I'm implementing OpenID using the Zend Framework and Zend Auth. All is working fine except i'm a little worried that i might be storing an incorrectly modified OpenID against a user.

I'm in testing mode at the moment, so i'm authenticating using my own Yahoo! OpenID.

Yahoo! says my OpenID is this: "https://me.yahoo.com/a/myopenidstringhere"

But the returned value Zend is giving me is this:

"https://me.yahoo.com/a/myopenidstringhere#38e96"

  • note the #38e96 addition.

I'm worried that this "#38e96" addition to the string is a bug in the framework? Or is this addition correct and just part of the authentication process!?

Thanks

Jon

+5  A: 

Looks like the appended part is ok and should be used. See Yahoo's OpenID FAQ for developers:

OpenID identifiers can be recycled over time, and OpenID 2.0 specifies that OpenID Providers append URL fragments to the end of an OpenID URL as a generation identifier. The entire OpenID URL with the fragment, if present, should be used to identify the user. For instance, the following two OpenIDs are unique and represent different users: http://openid.example.com/username#aa http://openid.example.com/username#bb

Chris Williams
Thank you, perfect answer.
Jon Reeks