
How can I validate OpenId token in C#?


I am trying to validate using these parameters:

"openid.mode=check_authentication"
+ "&openid.assoc_handle=" + txtAssocHandle.Text
+ "&openid.response_nonce=" + HttpUtility.UrlEncode(txtNonce.Text)
+ "&openid.op_endpoint=" + txtEndpoint.Text
+ "&openid.sig=" + txtSignature.Text
+ "&openid.signed=mode,identity,return_to";

and it returns

is_valid:false
ns:http://specs.openid.net/auth/2.0

What am I doing wrong here? The txt fields are being filled with login response values.


Solution

  • Your openid.signed argument needs to be exactly what the OP sent to your RP rather than this incomplete hard-coded list of 3 parameters, for one thing. All your arguments should be URL encoded as well, not just your nonce.

    There is a lot more to validating an OpenID token than just sending it back to the OP using "dumb mode". What are you trying to do?

    Have you considered using an OpenID library? Seriously, getting OpenID right (meaning secure, and interoperable) is a big job. Way bigger than assembling just the right query string. :)
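The two points in the answer above (send back the OP's own `openid.signed` list, and URL-encode every argument), shown as an added example that is not part of the original answer. It covers only building the `check_authentication` request body, which in OpenID Authentication 2.0 is an exact copy of the received response fields with `openid.mode` replaced; the class name and all sample values are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class CheckAuthRequest // hypothetical helper, not from an OpenID library
{
    // Builds the POST body for direct verification from the positive assertion.
    // assertion: the parameters exactly as received on return_to, already URL-decoded.
    public static string Build(IEnumerable<KeyValuePair<string, string>> assertion)
    {
        // ToDictionary throws on a duplicated key, so an ambiguous assertion is rejected.
        var fields = assertion
            .Where(p => p.Key.StartsWith("openid.", StringComparison.Ordinal))
            .ToDictionary(p => p.Key, p => p.Value, StringComparer.Ordinal);

        // Fail closed if the signature, the signed list, or any field it names is absent.
        if (!fields.TryGetValue("openid.signed", out var signed) || !fields.ContainsKey("openid.sig"))
            throw new ArgumentException("assertion lacks openid.signed or openid.sig");
        foreach (var name in signed.Split(','))
            if (!fields.ContainsKey("openid." + name))
                throw new ArgumentException("signed field not present: openid." + name);

        // openid.mode is the only value the RP changes; openid.signed and openid.sig go back verbatim.
        fields["openid.mode"] = "check_authentication";

        // URL-encode every key and every value, not just the nonce.
        return string.Join("&", fields.Select(p =>
            Uri.EscapeDataString(p.Key) + "=" + Uri.EscapeDataString(p.Value)));
    }

    static void Main()
    {
        // Constructed sample assertion; every value is a placeholder.
        var sample = new Dictionary<string, string>
        {
            ["openid.ns"] = "http://specs.openid.net/auth/2.0",
            ["openid.mode"] = "id_res",
            ["openid.op_endpoint"] = "https://op.example/endpoint",
            ["openid.claimed_id"] = "https://op.example/id/alice",
            ["openid.identity"] = "https://op.example/id/alice",
            ["openid.return_to"] = "https://rp.example/return?sid=1",
            ["openid.response_nonce"] = "2024-01-01T00:00:00Zplaceholder",
            ["openid.assoc_handle"] = "PLACEHOLDER-HANDLE",
            ["openid.signed"] = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
            ["openid.sig"] = "cGxhY2Vob2xkZXI+c2ln/w==",
        };
        Console.WriteLine(Build(sample));
    }
}
```

An `is_valid:true` reply to this request confirms only the OP's signature; the remaining validation work the answer refers to is not shown here.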