LightOpenID validate() fail on Google Apps

I'm using LightOpenID to authenticate OpenID against Google Apps. I make the initial authURL() request and things are good. I call validate() and it fails. Through copious echoes, I've tracked it down to the last few lines of validate().

From validate(), the url passed into discover($url) is https://www.google.com/accounts/o8/user-xrds?uri=http://my-domain.com/openid?id=117665028262121597341

discover() first checks for an xrds-location, which is not present. discover() next checks if the content-type is xrds+xml, which is true. discover() checks for Service(.*)/Service, which is true. Here is the snippet of Service,/Service

<Service priority="0">
  <Type>http://specs.openid.net/auth/2.0/signon</Type>
  <Type>http://openid.net/srv/ax/1.0</Type>
  <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
  <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
  <Type>http://specs.openid.net/extensions/pape/1.0</Type>
  <URI>https://www.google.com/a/<my domain>.com/o8/ud?be=o8</URI>
</Service>

discover() sees that we are using OpenID 2 and extracts the URI field into the $server variable. discover() continues extracting the CanonicalID, finding that Google supports AX and not SREG. Finally, discover() returns $server as https://www.google.com/a/my-domain.com/o8/ud?be=o8

validate() continues by cleaning up each field in data[], depending on magic_quotes or not. It sets openid.mode to 'check_authentication', requests the $server returned by discover($url) and preg's for '/is_valid:true'. It is this last preg_match that fails. The $server url does not return a validation but instead says, "The page you requested is invalid."

The answer I'm looking for is the correct url for Google Apps validation. A close second would be what the url should look like and I'll dig through the info returned by Google Apps and see if I have something like that.

ADDED: Not sure if this matters but I do have a /.well-known/host-meta file in place. Here are the contents: Link: <https://www.google.com/accounts/o8/site-xrds?hd=my-domain.com>; rel="describedby http://reltype.google.com/openid/xrd-op"; type="application/xrds+xml"

Let me know if you want more code or data.

Thanks, Eric B.

Endocardial answered 28/3, 2011 at 17:56 Comment(3)
I am experiencing the same difficulty with Google Apps and LightOpenId... It has only started happening recently though. - Inartistic
And now I'm back, almost a year later, with the same issue. I can almost remember what made the issue go away last year - tried Googling again and look where it took me... - Inartistic
Some possible answers: #3995511 #14753215 - Androclinium

Make sure the PHP curl extension has been installed on your server. We have encountered the exact same symptoms in production recently and it was related to an issue of server provisioning.

If you're running an app on Debian, simply use:

apt-get install php5-curl
Pinot answered 6/4, 2013 at 8:56 Comment(0)
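
An added example, not part of the original posts and not LightOpenID's own code: the question describes validate() matching 'is_valid:true' in whatever the server returns, and the answer points to a missing curl extension. The PHP 7.1+ script below instead parses the check_authentication reply as OpenID 2.0 Key-Value Form and reports whether the failure is a missing response, a non-verification page or a real rejection; the function names and sample replies are constructed for illustration.

```php
<?php
// Added example (not LightOpenID's code): strict handling of an OpenID 2.0
// check_authentication reply, plus the extension check from the answer.

/** Parse an OpenID Key-Value Form body ("key:value\n" lines) into an array.
 *  Returns null if a non-empty line has no key, e.g. an HTML error page. */
function parse_kv_form(string $body): ?array
{
    $out = [];
    foreach (explode("\n", $body) as $line) {
        if ($line === '') {
            continue;                       // trailing newline
        }
        $pos = strpos($line, ':');
        if ($pos === false || $pos === 0) {
            return null;                    // not Key-Value Form
        }
        $out[substr($line, 0, $pos)] = substr($line, $pos + 1);
    }
    return $out;
}

/** Classify the provider's reply so a failure is diagnosable, not just "false". */
function classify_check_auth(?string $body): string
{
    if ($body === null || $body === '') {
        return 'no-response';               // nothing came back: transport problem
    }
    $kv = parse_kv_form($body);
    if ($kv === null || !array_key_exists('is_valid', $kv)) {
        return 'not-a-verification-response';
    }
    return $kv['is_valid'] === 'true' ? 'valid' : 'invalid';
}

// Constructed sample replies, not captured from Google.
$samples = [
    'ok'    => "ns:http://specs.openid.net/auth/2.0\nis_valid:true\n",
    'deny'  => "ns:http://specs.openid.net/auth/2.0\nis_valid:false\n",
    'html'  => "<html><body>The page you requested is invalid.</body></html>",
    'empty' => '',
];

printf("curl extension loaded: %s\n", extension_loaded('curl') ? 'yes' : 'no');
foreach ($samples as $name => $body) {
    printf("%-5s => %s\n", $name, classify_check_auth($body));
}
```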
