LightOpenID validate() fail on Google Apps

Anonymous (unverified) submitted on 2019-12-03 02:29:01

Question:

I'm using LightOpenID to authenticate OpenID against Google Apps. I make the initial authURL() request and things are good. I call validate() and it fails. Through copious echoes, I've tracked it down to the last few lines of validate().

From validate(), the url passed into discover($url) is https://www.google.com/accounts/o8/user-xrds?uri=http://my-domain.com/openid?id=117665028262121597341

discover() first checks for an xrds-location, which is not present. discover() next checks if the content-type is xrds+xml, which is true. discover() checks for Service(.*)/Service, which is true. Here is the snippet of Service,/Service

<Service priority="0">
  <Type>http://specs.openid.net/auth/2.0/signon</Type>
  <Type>http://openid.net/srv/ax/1.0</Type>
  <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
  <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
  <Type>http://specs.openid.net/extensions/pape/1.0</Type>
  <URI>https://www.google.com/a/<my domain>.com/o8/ud?be=o8</URI>
</Service>

discover() sees that we are using OpenID 2 and extracts the URI field into the $server variable. discover() continues extracting the CanonicalID, finding that Google supports AX and not SREG. Finally, discover() returns $server as https://www.google.com/a/my-domain.com/o8/ud?be=o8

validate() continues by cleaning up each field in data[], depending on magic_quotes or not. It sets openid.mode to 'check_authentication', requests the $server returned by discover($url) and preg's for '/is_valid:true'. It is this last preg_match that fails. The $server url does not return a validation but instead says, "The page you requested is invalid."

The answer I'm looking for is the correct url for Google Apps validation. A close second would be what the url should look like and I'll dig through the info returned by Google Apps and see if I have something like that.

ADDED: Not sure if this matters but I do have a /.well-known/host-meta file in place. Here are the contents: Link: <https://www.google.com/accounts/o8/site-xrds?hd=my-domain.com>; rel="describedby http://reltype.google.com/openid/xrd-op"; type="application/xrds+xml"

Let me know if you want more code or data.

Thanks, Eric B.

Answer 1:

Make sure the PHP curl extension has been installed on your server. We have encountered the exact same symptoms in production recently and it was related to an issue of server provisioning.

If you're running an app on Debian, simply use:

apt-get install php5-curl
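
An added example (not LightOpenID's code and not part of the original post) of the check_authentication step the question describes, written so that a missing transport or an HTML error page is rejected instead of being mistaken for a reply. The function names and sample responses are constructed for illustration, and PHP 7 or later is assumed.

```php
<?php
// Added example; function names are hypothetical, not LightOpenID's API.
// Report which HTTP transports this PHP build can use for the request.
function transport_status(): array {
    return ['curl' => extension_loaded('curl'),
            'https_wrapper' => in_array('https', stream_get_wrappers(), true)];
}

// Build the direct-verification POST body from the assertion's openid.* fields.
function build_check_auth_body(array $assertion): string {
    $params = array_filter($assertion, function ($key) {
        return strpos($key, 'openid.') === 0;
    }, ARRAY_FILTER_USE_KEY);
    $params['openid.mode'] = 'check_authentication';
    return http_build_query($params, '', '&');
}

// Parse OpenID 2.0 Key-Value Form: one "key:value" pair per "\n"-terminated line.
function parse_kv(string $body): array {
    $out = [];
    foreach (explode("\n", $body) as $line) {
        $pos = strpos($line, ':');
        if ($pos !== false && $pos > 0) {   // skip lines with no key
            $out[substr($line, 0, $pos)] = substr($line, $pos + 1);
        }
    }
    return $out;
}

// Fail closed: no body (transport error) or a non-KV page means "not verified".
function is_assertion_valid($body): bool {
    return is_string($body) && (parse_kv($body)['is_valid'] ?? null) === 'true';
}

// Constructed sample responses, not captured traffic.
$samples = [
    'valid reply'       => "ns:http://specs.openid.net/auth/2.0\nis_valid:true\n",
    'error page'        => '<html><body>The page you requested is invalid.</body></html>',
    'transport failure' => false,
    'token inside text' => "error:reply did not say is_valid:true\n",
];

var_export(transport_status());
echo "\n", build_check_auth_body(['openid.mode' => 'id_res', 'openid.sig' => 'c2FtcGxl']), "\n";
foreach ($samples as $label => $body) {
    printf("%-18s %s\n", $label, is_assertion_valid($body) ? 'accept' : 'reject');
}
```

The "token inside text" sample is rejected here, whereas a search for is_valid:true anywhere in the body would accept it.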

