Skip to content


Annoying token_url problems when integrating RPX OpenID

I’ve been wanting to use an OpenID implementation in a website ever since Stack Overflow came out. Tonight I finally got around to it, and ended up going with RPX as my OpenID solution provider. I’m sure I could have coded an implementation myself, or used one of the several available libraries. In the end I decided that if I was going to offload my authentication, I may as well offload as much as I can, and seeing as RPX is free to start there was no harm.

The quick start guide to getting up and running seemed easy enough. Insert a small script section, and insert a link or embedded IFrame pointing to my personal RPX sign in page.

 HTML |  copy code |? 
1
2
<a class="rpxnow" href="https://mysite.rpxnow.com/openid/v2/signin?token_url=your_token_url">Sign In </a>
3
<script src="https://rpxnow.com/openid/v2/widget" type="text/javascript">
4
</script><script type="text/javascript">
5
    RPXNOW.overlay = true;
6
    RPXNOW.language_preference = 'en';
7
</script>
8

This is very easy and quick to implement, however it doesn’t work. The problem is that the parameter token_url is obviously a placeholder. The documentation is clear that the url needs to be properly encoded, so that should not be a problem.

http://www.mysite.com becomes:

http%3a%2f%2fwww.mysite.com

Great! But it still fails. I came up with 2 things that needed to change that were not in the documentation. In my RPX settings there is a section where you need to list all approved token_url domains, except it doesn’t go by domain name. It seems to do a string compare to the site you pass in, meaning that if I added “mysite” or “mysite.com” in my settings page, I cannot use “http://www.mysite.com” because neither of the 2 previous examples have “www.” in front of them.

So I’ve made sure the text matches completely. Great! Too bad it still fails. This next one took me a while to figure out. After a lot of digging around, and some trial and error, I discovered that it expects an extra “/” encoded at the end of the url. 

http%3a%2f%2fwww.mysite.com%2f

They definitely need to add this crap to the documentation.


Kick It on DotNetKicks.com

Posted in Web.

Tagged with , , , .


2 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Brian Ellin says

    Hi Chris,

    Apologies for the bumps in the road with your RPX implementation. This is great feedback, and as we build out our new quick start guide we are addressing both of the issues you mentioned. Just wanted to let you know that we’re workin’ on it.

    Cheers,
    Brian Ellin
    RPX Product Manager

  2. Chris Kugler says

    Thanks for the response Brian. I really love the service and what you guys at RPX have done to help the OpenId Initiative. I’ve only started with my implementation of your service, but if I run into any more problems that the documentation doesn’t quite cover I’ll be sure to put something up here and at the user support forum to help others that run into the same issues.



Some HTML is OK

or, reply to this post via trackback.



Get Adobe Flash player