LightOpenID validate() 在 Google Apps 上失败
我正在使用 LightOpenID 针对 Google Apps 验证 OpenID。我发出初始 authURL() 请求,一切都很好。我调用 validate() 但失败了。通过大量的回声,我已经追踪到 validate() 的最后几行。
从 validate() 中,传递到 discovery($url) 的 url 为 https://www.google.com/accounts/o8/user-xrds?uri=http://my-domain.com/openid? id=117665028262121597341
discovery() 首先检查不存在的 xrds-location。 discovery() 接下来检查内容类型是否为 xrds+xml,这是正确的。 discovery() 检查 Service(.*)/Service,这是正确的。这是 Service 的片段,/Service
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
<Type>http://specs.openid.net/extensions/pape/1.0</Type>
<URI>https://www.google.com/a/<my domain>.com/o8/ud?be=o8</URI>
</Service>
discovery() 看到我们正在使用 OpenID 2 并将 URI 字段提取到 $server 变量中。 discovery() 继续提取 CanonicalID,发现 Google 支持 AX 而不是 SREG。最后,discover() 返回 $server,因为 https://www.google.com/a/my-domain.com/o8/ud?be=o8
validate() 继续清理每个字段在 data[] 中,取决于 magic_quotes 与否。它将 openid.mode 设置为“check_authentication”,请求 discovery($url) 返回的 $server 和 preg 的“/is_valid:true”。最后的 preg_match 失败了。 $server url 不会返回验证,而是显示“您请求的页面无效”。
我正在寻找的答案是 Google Apps 验证的正确网址。紧随其后的是网址应该是什么样子,我将深入研究 Google Apps 返回的信息,看看是否有类似的东西。
添加:不确定这是否重要,但我确实有一个 /.well-known/host-meta 文件。以下是内容: 链接:
如果您需要更多代码或数据,请告诉我。
谢谢, 埃里克·B.
I'm using LightOpenID to authenticate OpenID against Google Apps. I make the initial authURL() request and things are good. I call validate() and it fails. Through copious echo's, i've tracked it down to the last few lines of validate().
From validate(), the url passed into discover($url) is https://www.google.com/accounts/o8/user-xrds?uri=http://my-domain.com/openid?id=117665028262121597341
discover() first checks for an xrds-location, which is not present. discover() next checks if the content-type is xrds+xml, which is true. discover() checks for Service(.*)/Service, which is true. Here is the snippet of Service,/Service
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
<Type>http://specs.openid.net/extensions/pape/1.0</Type>
<URI>https://www.google.com/a/<my domain>.com/o8/ud?be=o8</URI>
</Service>
discover() sees that we are using OpenID 2 and extracts the URI field into the $server variable. discover() continues extracting the CanonicalID, finding that Google supports AX and not SREG. Finally, discover() returns $server as https://www.google.com/a/my-domain.com/o8/ud?be=o8
validate() continues by cleaning up each field in data[], depending on magic_quotes or not. It sets openid.mode to 'check_authentication', requests the $server returned by discover($url) and preg's for '/is_valid:true'. It is this last preg_match that fails. The $server url does not return a validation but instead says, "The page you requested is invalid."
The answer I'm looking for is the correct url for Google Apps validation. A close second would be what the url should look like and I'll dig through the info returned by Google Apps and see if I have something like that.
ADDED: Not sure if this matters but I do have a /.well-known/host-meta file in place. Here are the contents:Link: <https://www.google.com/accounts/o8/site-xrds?hd=my-domain.com>; rel="describedby http://reltype.google.com/openid/xrd-op"; type="application/xrds+xml"
Let me know if you want more code or data.
Thanks,
Eric B.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
确保您的服务器上已安装 PHP curl 扩展。我们最近在生产中遇到了完全相同的症状,这与服务器配置问题有关。
如果您在 Debian 上运行应用程序,只需使用:
Make sure PHP curl extension has been installed on your server. We have encountered exact same symptoms in production recently and it was related to an issue of server provisioning.
If you're running an app on Debian, simply use: