Janrain php library and google endpoint for OpenId
-
22-07-2019 - |
Question
Im using janRain Php library for OpenId and yadis discovery and no matter what i do, i will work in stuff like user.openid.org or my own provider, but if i try to use the google endpoint, i cant get any discovery information.
Even if i run the discovery example for the janrain library, i get the next result Claimed
Identifier http://www.google.com/accounts/o8/id
No OpenID services discovered.
and it happens the same if I add the https:// before the url.
My question is probably not how to make it work, but if its actually possible, what other choices do i have (that run in my site, no sassy auth wanted in the project).
Why is openId so #@!#@ complex and undocumented?(note, i gave zend_openid a couple of hours to have the same result)
Solution
it's working here. some hints:
- as i understand it,
http(s)://www.google.com/accounts/o8/id
is not an openid endpoint, but googles discovery endpoint. you have to supply it a valid (google) OpenID Identifier, likeexample.blogspot.com
, for which it returns Claimed Identifier, Server URL, Service types, etc. - i got the discovery example only working after fixing the
<?
and<?=
indiscover.php
(replacing them with<?php
and<?php echo
). alternatively, you canini_set('short_open_tag', '1')
. it's off by default inphp.ini-recommended
. - does your PHP installation support SSL? see README, specifically this part:
Not all PHP installations support SSL. You can find out if yours supports SSL by reading the "HTTP Fetching" section of the output of "examples/detect.php." If your installation does not support SSL, then https:// identity URLs and server URLs will not be supported by the library. An attempt to use such an identity URL will be equivalent to using an invalid OpenID. To enable SSL support, recompile PHP with OpenSSL support or install the appropriate OpenSSL module for your platform. If you are using CURL, CURL will need to be built with OpenSSL support.
OTHER TIPS
This is a legitimate beef. Google says they support OpenID, but theirs doesn't work like ANYONE elses. MyOpenID.com, blogspot, aol, yahoo, wordpress, myspace, livejournal and many others all support the standard correctly and it works as expected. As does your own OpenID provider you can build using the CommunityID server project.
/sigh
You need to do a directed identity request. Normally that just involves passing the URL as though the user had entered it... that's always worked for me in the past (so long as the library you use supports OpenID2.0).
I suggest you look this question: Janrain's PHP-OpenID and Google/Yahoo