Not all libraries support unsolicited assertions (although technically a
full and correct implementation of the spec means that receiving
unsolicited assertions will "just work"). I don't know if the Python
one(s) support them.
DNOA prefers to use HTTP GET for all message passing between OpenID
parties. It only uses POST if the message payload is too large for a URL.
When I just double checked, I saw a GET sent to the RP with the assertion.
The RP then uses a POST directly back to the OP (not via the browser) to
verify the assertion, and this is per mandate in the spec. So I think it's
doing what you're wanting it to do.
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Tue, May 8, 2012 at 9:02 AM, Richard Collette <richard.colle...@gmail.com