使用 Ruby 在 OpenID 中检索 XRDS 文档
我只是在玩弄 OpenID 协议。我正在尝试发送 Discovery 请求并从 google 检索 XRDS 文档。当我尝试使用curl从终端执行此操作时,我得到以下输出
curl --url "https://www.google.com/accounts/o8/id"
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/server</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
<Type>http://specs.openid.net/extensions/pape/1.0</Type>
<URI>https://www.google.com/accounts/o8/ud</URI>
</Service>
</XRD>
</xrds:XRDS>
当我尝试从ruby代码执行相同操作时,它给了我一个302错误,并且它已移动到的url指向同一请求网址。
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://www.google.com/accounts/o8/id">here</A>.
</BODY>
</HTML>
代码
require 'net/http'
require 'net/https'
require 'uri'
http = Net::HTTP.new(uri.host, uri.port)
response = Net::HTTP.get_response(URI.parse("http://www.google.com/accounts/o8/id"))
puts "#{response.read_body}"
如何通过代码获取 XRDS 以及为什么显示不同的输出。有人可以解释一下吗?谢谢
I am just playing around with the OpenID protocol. I am trying to send Discovery request and retrieve the XRDS document from google . When I try to do it from the terminal using the curl, I am getting the following output
curl --url "https://www.google.com/accounts/o8/id"
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/server</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
<Type>http://specs.openid.net/extensions/pape/1.0</Type>
<URI>https://www.google.com/accounts/o8/ud</URI>
</Service>
</XRD>
</xrds:XRDS>
When I try to do the same from the ruby code, It gives me a 302 error and the url to which it has moved points to the same request url.
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://www.google.com/accounts/o8/id">here</A>.
</BODY>
</HTML>
Code
require 'net/http'
require 'net/https'
require 'uri'
http = Net::HTTP.new(uri.host, uri.port)
response = Net::HTTP.get_response(URI.parse("http://www.google.com/accounts/o8/id"))
puts "#{response.read_body}"
How to get the XRDS through the code and why is it showing different outputs. Can someone explain it?Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
正如您所看到的,当您从 ruby 获取文档时,它会返回 302 状态代码,这意味着您应该查找
location标头并遵循它,就像curl 一样。另一个答案建议只是对有效的 url 进行硬编码,但这不是正确的解决方案,因为 Google 也可以让它返回 302 并将文档移动到其他地方。
更不用说您应该执行完整的 Yadis 发现,而不是希望从 URL 中获得 XRDS 文档(因为,例如,Google 可能会认为这是解释 OpenID 的好位置,并使用
X-XRDS-Location标头将 XRDS 移动到其他位置)。As you can see, when you fetch the document from ruby, it returns 302 status code, which means that you should look for
locationheader and follow it, like curl does.Another answer suggested just hardcoding the valid url, but that isn't a correct solution, since Google could make it return 302 as well and move the document somewhere else.
Not to mention that you should perform full Yadis discovery instead of hoping that you'll get an XRDS document from the url (because, for example, Google might decide that it's a good location for explanation of OpenID, and move the XRDS somewhere else using
X-XRDS-Locationheader).Google 期望使用 https 协议,尽管在您的 ruby 示例中您使用的是 http,因此会出现 302 错误。以下代码片段将为您提供 xrds 文档:
Google expects the https protocol, though in your ruby example you use http, hence the 302 error. The following snippet should get you the xrds document: