return_to does not match return URL - after upgrading openid library

StackOverflow https://stackoverflow.com/questions/12907635

Question

I have upgraded PHP from version 5.2 to 5.3. Then upgraded the OpenId and library from 2.1.2 to 2.2.2. And also updated Yadis to latest. Before the upgrade, OpenId log-in was working. The underlying CMS is Drupal. Now I get an Auth_OpenID_FailureResponse in the returned end point.

My code looks like below :

include 'common.php';
$consumer = getConsumer();
$response = $consumer->complete( BASE_URL . '/google/return' . urlencode($ext_param));

if( $response->status == Auth_OpenID_SUCCESS ){
    echo "Successful status";
} else {
    print_r( $response );
}

The trace looks like below (removed original domain name):

Auth_OpenID_FailureResponse Object (
    [status] => failure 
    [endpoint] =>
    [identity_url] =>
    [message] => return_to does not match return URL. Expected http://xxx.xxxxx.com/ \ 
      openid/google/return?from=accounts.google.com&janrain_nonce= \
      2012-10-16T03%3A54%3A37Zudn8eJ, got http://xxx.xxxxx.com/openid/google/return? \
      from=accounts.google.com&janrain_nonce=2012-10-16T03%3A54%3A37Zudn8eJ
    [contact] =>
    [reference] => 
)

This looks strange to me as the code is not modified but the library and the PHP version is upgraded. I searched online for any issues and read the documentations too.

Did I miss any thing or have to do any extra work for the upgrade ?

Was it helpful?

Solution

I was able to fix the issue by myself. The root cause was Drupal current path variable $_GET['q'] so it is removed from the $_GET parameters array and that made the OpenId return endpoint process success.

Code in the OpenID return end point :

function handle_openid_return () {
    // unset the parameter 'q' from $_GET
    unset($_GET['q']);
    // Include
    include 'common.php';
    // Get the OpenID consumer
    $consumer = getConsumer();

    $response = $consumer->complete( BASE_URL . '/google/return' . urlencode($ext_param));

    // Check the status of the $response object, for successful OpenID call
    if ($response->status == Auth_OpenID_SUCCESS) {
        ...
    } else {
        ...
    }
}

OTHER TIPS

I encountered the same issue in Drupal 6 with the latest php-openid. I had to strip the q= parameter from $_SERVER['QUERY_STRING'] before calling getConsumer() though.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top