Problems with OpenID usernames generated for API

Jul 22, 2007 6:36pm

dbroekman 44 posts

I’ve gotten a bunch of reports recently about people trying to use Avalanche with OpenID. I’ve told them to use the generated username and password, but some people are still having trouble, because their username contains a ”/” character.

When sending requests to the BC API, Avalanche uses the http://un:pw@url.com format, so if the username (or the password) has a ”/” in it, that will mess up the request. Encoding the username (so openid.aol.com/screenname becomes openid.aol.com%2Fscreenname) sends the request to the right place, but then the login information is incorrect.

Since this generated login is used only in Basecamp, would it be possible to generate usernames and passwords that use only letters and numbers? I realize that making this change and notifying all OpenID users about their new third-party logins is a pretty big deal, but I’m sure that mine is not the only integration that breaks because of this.

The other alternative is for Basecamp to decode usernames and passwords when they come in, in effect accepting the “openid.aol.com%2Fscreenname” username and mapping it to the “openid.aol.com/screenname” username internally.

Either of these would be really helpful for me.

Thanks,
dbroekman

Jul 23, 2007 4:47pm

dbroekman 44 posts

Also on a similar note, having a username with an @ sign in it does not work.

Is there any way around this?

Jul 26, 2007 5:45pm

dbroekman 44 posts

Is the only solution really to tell my users to change their username and password to not have special characters?

Jul 27, 2007 5:20am

David Heinem... Administrator 260 posts

I’ll look into the decoding suggestion and report back. Thanks for noting this.

Aug 9, 2007 1:32am

Chris Messina 16 posts

David, you should check into Oauth. This is the specific use case that Oauth is being developed for—and is designed to work with OpenID. I’d love to see Oauth make its way into Rails.

Aug 21, 2007 3:00pm

mike3000 2 posts

We used avalanche and we liked it a lot.
We then moved to the usernames being email addresses: e.g. bob@company.com
We can no longer login through Avalanche (web site works fine).
I submitted a bug on the avalanche site, but have not heard back.

Sep 4, 2007 4:19am

dbroekman 44 posts

David, is there any progress on the decoding idea? For now, the updated version of my widget gives an error message when trying to log in with an @ or : sign in the username or password.

Sep 4, 2007 5:27am

dbroekman 44 posts

By the way, Mike, in the latest version of Avalanche, it will warn you if your username contains an sign in it and tells you that you can use Avalanche if you change your username to be without the sign.

Aug 27, 2008 7:53pm

Clay Hinson 3 posts

way late on this topic, but I’ve noticed that using me.yahoo.com%2fmyidentifier does in fact work for avalanche now.

Jul 22, 2007 6:36pm dbroekman 44 posts	I’ve gotten a bunch of reports recently about people trying to use Avalanche with OpenID. I’ve told them to use the generated username and password, but some people are still having trouble, because their username contains a ”/” character. When sending requests to the BC API, Avalanche uses the http://un:pw@url.com format, so if the username (or the password) has a ”/” in it, that will mess up the request. Encoding the username (so openid.aol.com/screenname becomes openid.aol.com%2Fscreenname) sends the request to the right place, but then the login information is incorrect. Since this generated login is used only in Basecamp, would it be possible to generate usernames and passwords that use only letters and numbers? I realize that making this change and notifying all OpenID users about their new third-party logins is a pretty big deal, but I’m sure that mine is not the only integration that breaks because of this. The other alternative is for Basecamp to decode usernames and passwords when they come in, in effect accepting the “openid.aol.com%2Fscreenname” username and mapping it to the “openid.aol.com/screenname” username internally. Either of these would be really helpful for me. Thanks, dbroekman

Jul 23, 2007 4:47pm dbroekman 44 posts	Also on a similar note, having a username with an @ sign in it does not work. Is there any way around this?

Jul 26, 2007 5:45pm dbroekman 44 posts	Is the only solution really to tell my users to change their username and password to not have special characters?

Jul 27, 2007 5:20am David Heinem... Administrator 260 posts	I’ll look into the decoding suggestion and report back. Thanks for noting this.

Aug 9, 2007 1:32am Chris Messina 16 posts	David, you should check into Oauth. This is the specific use case that Oauth is being developed for—and is designed to work with OpenID. I’d love to see Oauth make its way into Rails.

Aug 21, 2007 3:00pm mike3000 2 posts	We used avalanche and we liked it a lot. We then moved to the usernames being email addresses: e.g. bob@company.com We can no longer login through Avalanche (web site works fine). I submitted a bug on the avalanche site, but have not heard back.

Sep 4, 2007 4:19am dbroekman 44 posts	David, is there any progress on the decoding idea? For now, the updated version of my widget gives an error message when trying to log in with an @ or : sign in the username or password.

Sep 4, 2007 5:27am dbroekman 44 posts	By the way, Mike, in the latest version of Avalanche, it will warn you if your username contains an `sign in it and tells you that you can use Avalanche if you change your username to be without the` sign.

Aug 27, 2008 7:53pm Clay Hinson 3 posts	way late on this topic, but I’ve noticed that using me.yahoo.com%2fmyidentifier does in fact work for avalanche now.
	Signup or login to post a reply.

Basecamp Customer Forum

Problems with OpenID usernames generated for API