我正在使用 Janrain 的 PHP-OpenID 2.1.3,并且我已经成功获得它与我尝试过的所有提供商合作,除了谷歌和雅虎。 这里的主要区别似乎是,与大多数其他提供商不同,Google 和 Yahoo 不使用特定于用户的 URL,而是将用户发现框架全部放在自己的末端 - 这会引发默认的 Janrain 框架循环,然后它尝试开始身份验证请求。
从我所看到的来看,它看起来可能是 YADIS 发现引发了错误,应该能够绕过该错误,因为该发现是在 Google 或 Yahoo 端进行的,但我不确定。 这对我来说是一次重要的非正式学习经历,但我没有运气找到可以在这方面帮助我的文档。 任何提示将非常感谢。
编辑:我遇到的具体问题是,当为 Google 或 Yahoo URL 调用 begin() 函数时,我得到一个 null 返回。 这个函数可以在Auth/OpenID/Consumer.php中找到,供参考。
I'm using Janrain's PHP-OpenID 2.1.3, and I've managed to get it working with all the providers I have tried except for Google and Yahoo. The major difference here seems to be that Google and Yahoo, unlike most other providers, don't use a user-specific URL, but rather have the user discovery framework all on their end - which throws the default Janrain framework for a loop then it tries to begin the auth request.
From what I've seen it looks like it's probably the YADIS discovery that is throwing the error, which should be able to be bypassed since the discovery is on Google or Yahoo's end, but I'm not sure. This is all a big informal learning experience for me, and I haven't had any luck finding documentation that can help me on this one. Any tips would be greatly appreciated.
Edit: the specific problem I am having is that when the begin() function is called for the Google or Yahoo URL, I get a null return. This function is found in Auth/OpenID/Consumer.php for reference.
发布评论
评论(8)
好吧,我终于修复了库......我解释了一切 这里(您也可以下载我更改后的 php-openid 库)。
我需要按照 Paul Tarjan 的建议进行操作,但同时,我还需要修改 Auth_OpenID_detectMathLibrary 并将
static关键字添加到许多函数中。 之后,虽然它不是一个理想的解决方案,但它似乎工作得很好......我认为有人应该用 PHP 5 重写整个库......Ok, I finally got to fix the library... I explained everything here (you can also download the php-openid library after my changes).
I needed to do what Paul Tarjan suggested but, also, I needed to modify the
Auth_OpenID_detectMathLibraryand add thestatickeyword to a lot of functions. After that It seems to work perfectly although it is not an ideal solution... I think that someone should rewrite the whole library in PHP 5...我在 Windows XP 上也遇到了同样的问题。 通过激活卷曲扩展来修复。 要执行此操作,请在 php.ini 中取消注释该行
,方法是删除该行前面的 ;(如果有)。 重新启动阿帕奇。
另外,为了在 Windows 上正常工作,您需要将 Auth_OpenID_RAND_SOURCE 定义为 null,因为在 Windows 中您没有随机源。 添加这一行来完成此操作。
您可以通过在 CryptUtil.php 中的第一个代码行之前
即使未启用curl,API 也应该通过使用 Auth_Yadis_PlainHTTPFetcher 通过 HTTP 进行通信来工作。 对于 Google 和 Yahoo,您需要 https,因此仅在启用 open_ssl 时才有效(Auth_Yadis_PlainHTTPFetcher::supportsSSL 必须返回 true)。
I had the same problem on Windows XP. Fixed by activating curl extension. To do this uncomment in php.ini the line
by removing the ; in front of it if any. Restart apache.
Also on windows to work properly you need to define Auth_OpenID_RAND_SOURCE as null since in windows you don't have a random source. You can do this by adding the line
in CryptUtil.php before the first code line
Even if the curl is not enabled the API should work by using instead the Auth_Yadis_PlainHTTPFetcher to communicat via HTTP. In the case of Google and Yahoo you need https, so it only works if open_ssl is enabled (Auth_Yadis_PlainHTTPFetcher::supportsSSL must return true).
我遇到了完全相同的问题,我花了近 2 个小时来跟踪问题。 Jan Rain 的 OpenId lib 需要“DOM 或 domxml PHP XML”(https://github.com/openid/php-openid),但当两者都不可用时,它会默默地失败!
在我的 CentOS 安装上很简单:
修复了问题(我正在使用此存储库:http://blog. famillecollet.com/pages/Config-en)。
I had exactly the same problem and it took me nearly 2 hours to track the problem. Jan Rain's OpenId lib requires 'DOM or domxml PHP XML' (https://github.com/openid/php-openid) but it will fail silently when neither is available!
On my CentOS installation simple:
fixed the problem (I'm using this repo: http://blog.famillecollet.com/pages/Config-en).
您使用的是示例 RP 吗? 我可以建议您在 http://trac.openidenabled.com 提交详细的错误吗/trac/newticket?project=php-openid 或通过邮件列表进行详细查询。
如果正确实现,immediate_mode 支持确实可以使库正常工作。 我(和其他人)也很乐意在 #openid 的 OpenID IRC 频道 irc.reenode.net 上为您提供帮助。 我的昵称很软弱。
Are you using the example RP? Can I suggest you submit a detailed bug at http://trac.openidenabled.com/trac/newticket?project=php-openid or a detailed enquiry via the mailing list.
The immediate_mode support indeed does work the libraries if implemented correctly. I (and others) would also be happy to help you on the OpenID IRC channel irc.reenode.net in #openid. My nickname is flaccid.
这是因为你没有在 php 中启用curl 支持。 如果没有这个,它就无法获取 https 内容。 至少,这是我发现的。 当我尝试获取 yahoo 或 google 时,它失败并显示错误消息“身份验证错误;不是有效的 OpenID”,但当我启用 php_curl 时,它可以正常工作。
It's because you don't have curl support enabled enabled in php. Without this, it can't get https content. At least, that's what I discovered. When I tried to get yahoo or google, it failed with an error message "Authentication error; not a valid OpenID," but when I enable php_curl, it works properly.
确保您的服务器启用了curl并启用了https协议。 这为我解决了这个问题。
请参阅此线程。
这是一个用于测试它的快速脚本。 上传到您的服务器上,然后通过浏览器访问它。
如果它返回“libcurl 中不支持或禁用协议 https”,那么您就知道该怎么做了。
我使用我的 Gmail 帐户尝试过,它可以工作,但会导致 301 永久重定向,这是有道理的。
Make sure your server has curl with https protocol enabled. This solved it for me.
see this thread.
Here is a quick script to test it out. Upload on your server then acccess it via your browser.
If it returns " Protocol https not supported or disabled in libcurl" then you know what to do.
I tried it using my gmail account and it works but it leads to a 301 permanent rediret, which makes sense.
另一个潜在的区别是 Google 和 Yahoo 使用 HTTPS,如果您的 PHP 或 SSL 安装配置错误(可能缺少 CA 证书),那么您的 OpenID 代码将无法建立关联或完成 check_authentication 调用。
但如果没有错误消息或日志,我无法真正判断您正在查看哪种类型的故障。
Another potential difference is that Google and Yahoo use HTTPS and if your PHP or SSL installation is misconfigured (perhaps missing CA certs) then your OpenID code will fail to establish an association or complete the check_authentication call.
But without error messages or logs, I can't really tell what type of failure you're looking at.
已经晚了几年,但这可能与使用 Janrains PHP OpenID 的用户相关2.2.2 Windows 平台上的 库。 我还在使用 PHP 5.2.17。
我的简单测试,只是为了确保图书馆与 Google 联系,使用 example/discover.php 程序,并传递 Google 的 OpenID URL (https://www.google.com/accounts/o8/id)。
根据说明,标准步骤是启用 GMP(取消注释扩展=php_gmp.dll)和 CURL(取消注释扩展=php_curl.dll)。 XML 应该已经启用。
您可能还需要在 contrib/google 中提取包,并确保 google_discovery.php 和 ca-bundle.crt 位于 Auth/OpenID 中。
额外的偏执狂可以从examples/detect.php开始,以确保他们的设置正确。 预计您将通过除加密随机性测试之外的所有测试。 为此,您需要添加
到examples/detect.php 的顶部。 当你在那里时,将其添加到examples/consumer/common.php(因为examples/discover.php使用它)。
现在,即使经历了这一切,Google OpenID URL 的发现仍然失败。 我收到
CURL 错误 (60):SSL 证书问题,请验证 CA 证书是否正常。 细节:。PHP 错误日志中的错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败
在 Windows 环境中,您需要 CURLOPT_CAINFO 的定义。 为了进行快速测试,我在 Auth/ 中的curl_exec() 语句之前添加了
curl_setopt($c, CURLOPT_CAINFO, dirname(__FILE__)."/../OpenID/ca-bundle.crt");Yadis/ParanoidHTTPFetcher.php。这允许 example/discover.php 发现 Google URL 提供的服务。
作为在 Windows 中设置 CURLOPT_CAINFO 的长期解决方案,您可能需要参考 这个 StackOverflow 答案,以便您可以向 php.ini 添加设置。
A couple of years too late, but this might be relevant for users using Janrains PHP OpenID 2.2.2 library on a Windows platform. I'm still on PHP 5.2.17.
My simple test, just to make sure the library was contacting Google was to use the examples/discover.php program, and pass Googles OpenID URL (https://www.google.com/accounts/o8/id).
As per the instructions, the standard steps are to enable GMP (uncomment extension=php_gmp.dll) and CURL (uncomment extension=php_curl.dll). XML should already be enabled.
You may also need to extract the package in contrib/google and make sure google_discovery.php and ca-bundle.crt are in Auth/OpenID.
The extra paranoid could start with examples/detect.php, to make sure they have things set up correctly. It is expected you'd pass all the tests except the Cryptographic Randomness test. For this, you'll need to add
to the top of examples/detect.php. And while you're there, add that to examples/consumer/common.php (since examples/discover.php uses it).
Now, even after all this, discovery for the Google OpenID URL was failing. I was getting
CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details:in the php error log.error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
In the Windows environment, you need a definition for the CURLOPT_CAINFO. For my quick test, I added
curl_setopt($c, CURLOPT_CAINFO, dirname(__FILE__)."/../OpenID/ca-bundle.crt");before the curl_exec() statements in Auth/Yadis/ParanoidHTTPFetcher.php.This allowed the examples/discover.php to discover the services offered by the Google URL.
As a longer term solution for setting CURLOPT_CAINFO in Windows, you might like to refer to this StackOverflow answer so you can add a setting to your php.ini.