Is the correct value for the openid.assoc_type parameter really “HMAC-256”, and not “HMAC-SHA256”? That is what the spec (draft 12) says, though it is somewhat counter-intuitive given the algorithm is named “HMAC-SHA256” and the other algorithm “HMAC-SHA1” uses the same string for the algorithm name and assoc_type value.
Googling for "assoc_type=HMAC-SHA256" finds 5 results (from 3 code bases?). Googling for "assoc_type=HMAC-256" finds none. http://openid.net/specs/openid-authentication-2_0-12.html#assoc_types “8.3.2. HMAC-SHA256 An association of type "HMAC-256" uses the HMAC-SHA256 (Signature Algorithms) signature algorithm.” _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs