Thursday, April 03, 2008

DotNetOpenId 1.0.1 released

A maintenance release of DotNetOpenId 1.0 has just been posted to the DotNetOpenId project site.  The new version (1.0.1) contains just one fix from the 1.0.0 version that corrects a very small lifetime of associations issued by the DotNetOpenId provider.  Only those implementing OpenId Provider web sites need to upgrade from 1.0.0 to 1.0.1 -- those sites only using OpenId as a relying party are not affected by this bug.
In version 1.0.0: the provider issued associations that lived for only one minute
In version 1.0.1: the provider issues associations that live for 14 days.
Symptom: in version 1.0.0, a user that takes more than a minute to log in through his/her OpenId Provider powered by DotNetOpenId would get redirected to the relying party web site to see an error message due to an association expiration.  Some relying parties may reject associations that live only one minute anyway and switch to dumb mode, and thus be somewhat unaffected by this bug.
Anyone implementing a Provider with DotNetOpenId 1.0.0 is strongly urged to upgrade to 1.0.1.

No comments:

Post a Comment