While authenticating any site (including Stekeworvo) with AOL OpenID, it appears that you have any duplicate form You can specify the username, then enter a valid AOL user name / password on the AOL OpenID site, and the target web site (such as StackWorflow) will be told that the authentication is successful, but with the Fakee user name
My question is how should openID work, or is AOL doing something wrong or am I still misunderstanding?
I came to my own project, and after a few hours of debugging I decided to see if I can reproduce it on a well established site.
I went to Stackoverwork Flow, clicked on "Login", clicked on AOL logo and "asdf" entered as a user name took me to AOL OpenID site where I When I entered my real AOL username / password, I had returned to StackHowfortflow, who said:
Confirm OpenID OpenID does not have any account on stack overflow yet: http: / /openid.aol.com/asdf Create new account I clicked on "Create" and now has an account on "Stack Overflow" (sorry! I tried to delete it, but it is not visible).
It does not seem right ... and in my app, this means that I am using my users, the identifier can not be true / valid ... it is possible that immoral Enter the AOL OpenID user name to any person to come with Authenticate with a valid AOL username / password in the login box, and then access the other account on the target web site?
OpenID provider sites that come back to a unique identifier such as Google or Yahoo, this is not a problem.
Thanks for any suggestions ... this is driving me on my development efforts ...
Can you please try your test again? I believe the problem has been solved.
Comments
Post a Comment