Janrain's PHP-OpenID and Google/Yahoo

你。 submitted on 2019-11-27 20:48:53

Question


I'm using Janrain's PHP-OpenID 2.1.3, and I've managed to get it working with all the providers I have tried except for Google and Yahoo. The major difference here seems to be that Google and Yahoo, unlike most other providers, don't use a user-specific URL, but rather have the user discovery framework all on their end - which throws the default Janrain framework for a loop when it tries to begin the auth request.

From what I've seen it looks like it's probably the YADIS discovery that is throwing the error, which should be able to be bypassed since the discovery is on Google or Yahoo's end, but I'm not sure. This is all a big informal learning experience for me, and I haven't had any luck finding documentation that can help me on this one. Any tips would be greatly appreciated.

Edit: the specific problem I am having is that when the begin() function is called for the Google or Yahoo URL, I get a null return. This function is found in Auth/OpenID/Consumer.php for reference.


Answer 1:


Ok, I finally got to fix the library... I explained everything here (you can also download the php-openid library after my changes).

I needed to do what Paul Tarjan suggested but, also, I needed to modify the Auth_OpenID_detectMathLibrary and add the static keyword to a lot of functions. After that it seems to work perfectly although it is not an ideal solution... I think that someone should rewrite the whole library in PHP 5...




Answer 2:


I had the same problem on Windows XP. Fixed by activating curl extension. To do this uncomment in php.ini the line

extension=php_curl.dll

by removing the ; in front of it if any. Restart Apache.

Also on Windows to work properly you need to define Auth_OpenID_RAND_SOURCE as null since in Windows you don't have a random source. You can do this by adding the line

define('Auth_OpenID_RAND_SOURCE', null);

in CryptUtil.php before the first code line

if(!defined('Auth_OpenID_RAND_SOURCE')){

Even if the curl is not enabled the API should work by using instead the Auth_Yadis_PlainHTTPFetcher to communicate via HTTP. In the case of Google and Yahoo you need https, so it only works if open_ssl is enabled (Auth_Yadis_PlainHTTPFetcher::supportsSSL must return true).




Answer 3:


I had exactly the same problem and it took me nearly 2 hours to track the problem. Jan Rain's OpenId lib requires 'DOM or domxml PHP XML' (https://github.com/openid/php-openid) but it will fail silently when neither is available!

On my CentOS installation, a simple:

yum install php-xml

fixed the problem (I'm using this repo: http://blog.famillecollet.com/pages/Config-en).




Answer 4:


This library should work with Yahoo and Google just fine. You can see the online demo for this library and try it out yourself using "yahoo.com" or "https://www.google.com/accounts/o8/id" to test it out against these two OPs.

Google has a long identifier to type in because they're still in beta and haven't pushed their OP Identifier to be just "google.com" yet.




Answer 5:


Are you using the example RP? Can I suggest you submit a detailed bug at http://trac.openidenabled.com/trac/newticket?project=php-openid or a detailed enquiry via the mailing list.

The immediate_mode support indeed does work in the libraries if implemented correctly. I (and others) would also be happy to help you on the OpenID IRC channel irc.freenode.net in #openid. My nickname is flaccid.




Answer 6:


I agree on the certificate part - for me installing the ca-certificates package (on Debian-like systems: apt-get install ca-certificates) and a webserver restart solved the Google/Yahoo issue. Not my idea, but instead suggested on stackoverflow :-)




Answer 7:


It's because you don't have curl support enabled in PHP. Without this, it can't get https content. At least, that's what I discovered. When I tried to get Yahoo or Google, it failed with an error message "Authentication error; not a valid OpenID," but when I enable php_curl, it works properly.




Answer 8:


Make sure your server has curl with https protocol enabled. This solved it for me.

See this thread.

Here is a quick script to test it out. Upload it to your server, then access it via your browser.

<?php
error_reporting(E_ALL);

// URL to fetch; replace <YOURACCOUNT> with your own account name
$myurl = 'https://<YOURACCOUNT>.myopenid.com';

// create curl resource
$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $myurl);
curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
// return the response as a string instead of printing it directly
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
$buffer = curl_exec($curl_handle);

// curl_exec() returns false on failure; curl_error() gives the reason
if (empty($buffer))
{
    print "Sorry, cannot access $myurl .<p>". curl_error($curl_handle);
}
else
{
    print $buffer;
}

curl_close($curl_handle);
?>

If it returns " Protocol https not supported or disabled in libcurl" then you know what to do.

I tried it using my gmail account and it works but it leads to a 301 permanent redirect, which makes sense.




Answer 9:


I downloaded the latest libraries and I get the same failed results when using Yahoo!. I did not try Google.

If I try to use http://www.yahoo.com I get an error saying authorization failed, but it returns my correct me.yahoo.com url. If I try to login using my me.yahoo.com url then I get an error saying to enter a valid OpenID url.




Answer 10:


Another potential difference is that Google and Yahoo use HTTPS and if your PHP or SSL installation is misconfigured (perhaps missing CA certs) then your OpenID code will fail to establish an association or complete the check_authentication call.

But without error messages or logs, I can't really tell what type of failure you're looking at.




Answer 11:


A couple of years too late, but this might be relevant for users using Janrain's PHP OpenID 2.2.2 library on a Windows platform. I'm still on PHP 5.2.17.

My simple test, just to make sure the library was contacting Google, was to use the examples/discover.php program, and pass Google's OpenID URL (https://www.google.com/accounts/o8/id).

As per the instructions, the standard steps are to enable GMP (uncomment extension=php_gmp.dll) and CURL (uncomment extension=php_curl.dll). XML should already be enabled.

You may also need to extract the package in contrib/google and make sure google_discovery.php and ca-bundle.crt are in Auth/OpenID.

The extra paranoid could start with examples/detect.php, to make sure they have things set up correctly. It is expected you'd pass all the tests except the Cryptographic Randomness test. For this, you'll need to add

define('Auth_OpenID_RAND_SOURCE', null);

to the top of examples/detect.php. And while you're there, add that to examples/consumer/common.php (since examples/discover.php uses it).

Now, even after all this, discovery for the Google OpenID URL was failing. I was getting CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in the php error log.

In the Windows environment, you need a definition for the CURLOPT_CAINFO. For my quick test, I added curl_setopt($c, CURLOPT_CAINFO, dirname(__FILE__)."/../OpenID/ca-bundle.crt"); before the curl_exec() statements in Auth/Yadis/ParanoidHTTPFetcher.php.

This allowed the examples/discover.php to discover the services offered by the Google URL.

As a longer term solution for setting CURLOPT_CAINFO in Windows, you might like to refer to this StackOverflow answer so you can add a setting to your php.ini.
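
A preflight check that combines the prerequisites named in answers 2, 3, 7, 8 and 11, as an added example that is not part of the original thread or of php-openid. The function names and the ca-bundle.crt path passed in are assumptions; TLS verification stays on and the check only reports what is missing.

```php
<?php
// Added example; openid_collect_env() and openid_preflight() are hypothetical names.

// Gather the facts the answers above depend on. $caBundle is the path you
// intend to pass as CURLOPT_CAINFO, or null to rely on the system CA store.
function openid_collect_env($caBundle)
{
    $curl = extension_loaded('curl') ? curl_version() : null;
    return array(
        'curl'       => $curl !== null,
        'curl_https' => $curl !== null && in_array('https', $curl['protocols'], true),
        'openssl'    => extension_loaded('openssl'),
        'xml'        => extension_loaded('dom') || extension_loaded('domxml'),
        'bigmath'    => extension_loaded('gmp') || extension_loaded('bcmath'),
        'ca_bundle'  => $caBundle === null ? null : is_readable($caBundle),
    );
}

// Turn those facts into findings; an empty array means no known blocker.
function openid_preflight(array $env)
{
    $findings = array();
    if (!$env['curl_https'] && !$env['openssl']) {
        $findings[] = 'No HTTPS transport: enable curl (with https) or openssl.';
    }
    if ($env['curl'] && !$env['curl_https']) {
        $findings[] = 'curl is loaded but libcurl lacks the https protocol.';
    }
    if (!$env['xml']) {
        $findings[] = 'Neither DOM nor domxml is loaded (answer 3: fails silently).';
    }
    if (!$env['bigmath']) {
        $findings[] = 'Neither GMP nor bcmath is loaded (answer 11 enables GMP).';
    }
    if ($env['ca_bundle'] === false) {
        $findings[] = 'CA bundle not readable: expect CURL error (60); fix CURLOPT_CAINFO.';
    }
    return $findings;
}

// Constructed sample: the Windows setup from answer 11 before ca-bundle.crt was in place.
$sample = array('curl' => true, 'curl_https' => true, 'openssl' => true,
                'xml' => true, 'bigmath' => true, 'ca_bundle' => false);
foreach (openid_preflight($sample) as $finding) {
    echo "sample: $finding\n";
}

// Live check of this host; the bundle path is an assumption taken from answer 11.
$env = openid_collect_env(dirname(__FILE__) . '/Auth/OpenID/ca-bundle.crt');
foreach (openid_preflight($env) as $finding) {
    echo "host: $finding\n";
}
```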



Source: https://stackoverflow.com/questions/992682/janrains-php-openid-and-google-yahoo
