openid/python-openid

Getting unsigned ax attributes from an openid provider causes a "NoneType object has no attribute get" error

bcap opened this issue · 2 comments

bcap commented

When dealing with openid ax attributes, the consumer.py has a SuccessResponse.getSignedNS that returns the signed attributes or None if any of the signed attributes are not signed (link).

IMO this method should raise an exception or just return the signed ones. Returning None means that no attributes were signed at all and also fails when dealing with the result of this method, as instead of an empty array, you get None.

When an OpenID provider redirects to a URL with present but unsigned ax attributes, the fromSuccessResponse will fail with a "NoneType object has no attribute get" as this line will try to get the current mode on a None object.

bcap commented

Also, according to the spec (section openid.signed), ax attributes MAY be signed or not, so the API should not fail when receiving unsigned ax attributes:

openid.signed
Value: Comma-separated list of signed fields.

Note: This entry consists of the fields without the "openid." prefix that the signature covers. This list MUST contain at least "op_endpoint", "return_to" "response_nonce" and "assoc_handle", and if present in the response, "claimed_id" and "identity". Additional keys MAY be signed as part of the message.
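The behaviour discussed in this thread, as an added example that is not python-openid's own code: it partitions the `openid.ax.*` fields of a response by whether `openid.signed` covers them, models the all-or-nothing `None` result, and shows a None-safe mode lookup. The alias `ax`, the function names and the sample response are assumptions constructed for illustration, and the signature over the listed fields is assumed to have been verified already.

```python
# Added example: a stand-alone model of the reported behaviour, not library code.
AX_ALIAS = "ax"  # assumption: the response binds the AX namespace to alias "ax"

# Constructed sample response: the "nick" attribute is present but not signed.
SAMPLE = {
    "openid.mode": "id_res",
    "openid.signed": "op_endpoint,return_to,response_nonce,assoc_handle,"
                     "claimed_id,identity,ns.ax,ax.mode,ax.type.email,ax.value.email",
    "openid.ns.ax": "http://openid.net/srv/ax/1.0",
    "openid.ax.mode": "fetch_response",
    "openid.ax.type.email": "http://axschema.org/contact/email",
    "openid.ax.value.email": "alice@example.org",
    "openid.ax.type.nick": "http://axschema.org/namePerson/friendly",
    "openid.ax.value.nick": "unsigned-nick",
}

def split_signed_ax(params):
    """Return (signed, unsigned) dicts of AX fields, keyed without the prefix."""
    # openid.signed lists field names without the "openid." prefix.
    covered = {name for name in params.get("openid.signed", "").split(",") if name}
    prefix = "openid.%s." % AX_ALIAS
    signed, unsigned = {}, {}
    for key, value in params.items():
        if not key.startswith(prefix):
            continue
        field = key[len("openid."):]   # e.g. "ax.value.email", as listed in openid.signed
        short = key[len(prefix):]      # e.g. "value.email", key inside the AX namespace
        (signed if field in covered else unsigned)[short] = value
    return signed, unsigned

def strict_signed_ns(params):
    """Model of the all-or-nothing result: None if any AX field is unsigned."""
    signed, unsigned = split_signed_ax(params)
    return None if unsigned else signed

def ax_mode(ax_args):
    """Mode lookup that tolerates None instead of raising AttributeError."""
    return (ax_args or {}).get("mode")

if __name__ == "__main__":
    signed, unsigned = split_signed_ax(SAMPLE)
    print("trusted (signed) AX fields:", sorted(signed))
    print("ignored (unsigned) AX fields:", sorted(unsigned))
    print("all-or-nothing result:", strict_signed_ns(SAMPLE))
```

Only the values in the signed dictionary are covered by the provider's signature; the unsigned ones can be logged or dropped but should not feed account or authorization decisions.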

This repo is being archived. Closing issue.