It’s just data

JanRain python-openid-1.2.0 and 404 on openid.server

I got a report from Bob Aman that my “blog broke”, along with the following traceback:

Traceback (most recent call last):
 File "gateway.cgi", line 39, in ?
   post(url)
 File "/home/rubys/mombo/post.py", line 418, in post
   {'name': param('name'), 'url': param('url'), 'email': param('email'),
 File "/home/rubys/mombo/identity.py", line 18, in lookup
   request = server.begin(id)
 File "/home/rubys/python-openid-combo-20061208/python-openid-1.2.0/openid/consumer/consumer.py", line 308, in begin
   return self.beginWithoutDiscovery(service)
 File "/home/rubys/python-openid-combo-20061208/python-openid-1.2.0/openid/consumer/consumer.py", line 331, in beginWithoutDiscovery
   auth_req = self.consumer.begin(service)
 File "/home/rubys/python-openid-combo-20061208/python-openid-1.2.0/openid/consumer/consumer.py", line 423, in begin
   assoc = self._getAssociation(service_endpoint.server_url)
 File "/home/rubys/python-openid-combo-20061208/python-openid-1.2.0/openid/consumer/consumer.py", line 627, in _getAssociation
   assoc = self._parseAssociation(
 File "/home/rubys/python-openid-combo-20061208/python-openid-1.2.0/openid/consumer/consumer.py", line 654, in _parseAssociation
   assoc_type = results['assoc_type']
TypeError: unsubscriptable object

A quick search turns up nothing.

Checking Bob’s server, I find:

<link rel="openid.server" 
      href="http://sporkmonger.pip.verisignlabs.com/server/" />
<link rel="openid.delegate" 
      href="http://sporkmonger.pip.verisignlabs.com/" />

The server URI provided returns a 404, presumably as the result of a configuration error.  It seems likely that https://pip.verisignlabs.com/server is what was intended.  In any case, JanRain Python OpenID 1.2.0 responds rather poorly to this situation, and the following patch works around this bug:

--- openid/consumer/consumer.base       2007-07-25 08:50:10.000000000 -0400
+++ openid/consumer/consumer.py 2007-07-25 08:50:21.000000000 -0400
@@ -624,6 +624,7 @@
                             (str(why),))
                 assoc = None
             else:
+                if response == None: return None # hack
                 assoc = self._parseAssociation(
                     response, assoc_session, server_url)
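Review bot: the added line `if response == None: return None # hack` returns from the method directly, while the failure branch just above it handles its error by setting `assoc = None`; setting `assoc = None` here as well would treat both failures the same way. The test should also be `response is None` rather than `== None`, and the `# hack` comment should say what produces a None response so the workaround can be found and removed once the underlying cause is fixed.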

Now off to report the problem: done.
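The failure mode described above, handled at the point where the association response is read, as an added example (not code from python-openid or from this post). The function names and sample responses are constructed; the field names are those of an OpenID 1.x association response in key-value form.

```python
# Added example: helper names and sample responses are constructed for illustration.
REQUIRED = ("assoc_type", "assoc_handle", "expires_in")


def parse_kv(body):
    """Parse OpenID 1.x key-value form: one 'key:value' pair per line."""
    fields = {}
    for line in body.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")  # values may themselves contain ':'
        if not sep:
            raise ValueError("not a key:value line: %r" % line)
        fields[key.strip()] = value.strip()
    return fields


def association_from_response(status, body):
    """Return the association fields, or None if the endpoint gave no usable answer.

    None means "no association", the same value the consumer code in the
    patch above already uses when the association request fails.
    """
    if status != 200 or body is None:
        return None  # e.g. the 404 from a wrong openid.server URL
    try:
        fields = parse_kv(body)
    except ValueError:
        return None  # 200 with an HTML error page instead of key-value form
    if any(name not in fields for name in REQUIRED):
        return None
    if not fields["expires_in"].isdigit():
        return None
    return fields


# Constructed sample responses (not captured from any real provider).
GOOD = (200, "assoc_type:HMAC-SHA1\nassoc_handle:{HMAC-SHA1}{constructed}\n"
             "expires_in:1209600\nmac_key:Y29uc3RydWN0ZWQ=\n")
NOT_FOUND = (404, "<html><body>Not Found</body></html>")
HTML_AS_200 = (200, "<html><body>Moved</body></html>")
INCOMPLETE = (200, "assoc_type:HMAC-SHA1\n")
NO_BODY = (200, None)

if __name__ == "__main__":
    for name, resp in [("good", GOOD), ("404", NOT_FOUND), ("html", HTML_AS_200),
                       ("incomplete", INCOMPLETE), ("no body", NO_BODY)]:
        print(name, "->", association_from_response(*resp))
```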


Interesting.  Since that configuration used to work, I can only assume that Verisign deployed a new version of their software.  The old version used the server URI that I had in my headers, but apparently they decided to change that without letting anyone know.  Nifty.  I suppose the fact that the Verisign UI has recently changed also lends credence to this theory.

Anyhow, now I can finally leave that comment!

Posted by Bob Aman at

There is a 2.0.1 version of the library available from [link].

They sent an announcement for it and the 2.0.0 release to the mailing list but haven’t updated the web page.  I guess that is due to the OpenID 2.0 specs being delayed (again).  The library should still do a good job authenticating against 1.x OPs.

Looking at the code, it looks like HTTP errors don’t translate to None being returned from makeKVPost.

Posted by James Henstridge at

I meant more like a direct email to their users.  I’m quite sure not all their users read the OpenID mailing list.  I’m subscribed to it, but I don’t read it regularly.

In other news, their new anti-phishing measures are annoying and inconvenient, and I’m not a big fan of the idea of using their Firefox extension; I may just go shopping for a new OpenID provider.

Posted by Bob Aman at

I haven’t gotten any response to my report on the mailing list.  That makes me less inclined to beta test releases which aren’t advertised on the web site.

But in other news, my post is starting to show up in Google’s indexes.  Once it works its way off of the front page of various planets and feeds, hopefully this page will turn out to be useful to the next person who encounters the error by pointing out the root cause, a simple patch, and the location of a later version.

Posted by Sam Ruby at
