asanso / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0
0 stars 0 forks source link

OpenId Attributes Exchange with MyOpenId and Blogger #128

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,

I am using openid4java(0.9.5) to authenticate user to different OpenId 
Providers.

As part of the authentication, i  need to get the user "email" attribute from 
the OpenIdProvider.

For this, I am creating FecthRequest like below:

FetchRequest fetch = FetchRequest.createFetchRequest();
fetch.addAttribute("email", "http://axschema.org/contact/email", true);
if (!fetch.getAttributes().isEmpty()) {
   ret.addExtension(fetch);
}

and to retrieving the attributes :

AuthSuccess autSuccess =(AuthSuccess) verificationResult.getAuthResponse();

if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {

MessageExtension extension=authSuccess.getExtension(AxMessage.OPENID_NS_AX);

    if (extension instanceof FetchResponse) {
      FetchResponse fetchResp = (FetchResponse) extension;
     email = fetchResp.getAttributeValue("email");
   }

}

The above code is working fine and i am able to get the "email" attribute from 
both "Google" and "Yahoo" Providers.

But i am not able to get the "email" from MyOpenId,Blogger sites.

When i am using MyOpenId, authSuccess.hasExtension fails..so i am not able to 
get the email.

I am using openid4java 0.9.5 and Operating System WIndows Vista.

Please help me regarding how to get "email" from MyOpenId and Blogger.

Original issue reported on code.google.com by ramanaup...@gmail.com on 12 Sep 2010 at 1:21

GoogleCodeExporter commented 8 years ago
Maybe you should use the Simple Registration extension instead of the Attribute 
Exchange extension to retrive email attribute from myopenid.

Original comment by zhoushu...@gmail.com on 12 Sep 2010 at 1:40

GoogleCodeExporter commented 8 years ago
Hi,

Thanks,I have also tried SRegRequest for MyOpenId prvider, still i am not able 
to get the email attribute.

Below is the request:

SRegRequest sRegRequest = SRegRequest.createFetchRequest();
 sRegRequest.addAttribute("email", true);
 ret.addExtension(sRegRequest);

Below is the code to process Return URL:

if(authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)){
  MessageExtension extension = authSuccess.getExtension(SRegMessage.OPENID_NS_SREG);
    if (extension instanceof SRegResponse) {
        SRegResponse sRegResponse = (SRegResponse)extension;
        email = sRegResponse.getAttributeValue("email");
    }
 }

Below is the log:

INFO: 2010-09-12 11:19:42,095 INFO  - Verifying authentication response...

INFO: 2010-09-12 11:19:42,173 INFO  - Received positive auth response.

INFO: 2010-09-12 11:19:42,187 INFO  - Found association: 
{HMAC-SHA256}{4c8cef93}{c8ipaQ==} verifying signature locally...

INFO: 2010-09-12 11:19:43,050 INFO  - Verification succeeded for: 
http://ramanauppala.myopenid.com/

It seems authentication is verified , but MyOpenId not returning the email 
attribute.

Please let me know if i am doing nay thing wrong.

Original comment by ramanaup...@gmail.com on 12 Sep 2010 at 3:31

GoogleCodeExporter commented 8 years ago
Your code looks good, I don't know why either. If you like you can try the 
sample in the svn repo named consumer-servlet. I just tried it yesterday, it 
can retrieve the email from myopenid using simple registration extension.

Original comment by zhoushu...@gmail.com on 13 Sep 2010 at 7:51

GoogleCodeExporter commented 8 years ago
Hi ,

Thanks for the response.

While using the Simple Registration, i am getting below warning message when i 
try to authenticate with yahoo:

"Warning: Yahoo! cannot verify this website. We recommend you do not share any 
personal information with this website. "

Do i need to have XRDS  document ?
Is ConsumerServlet example..also has same warning?

Original comment by ramanaup...@gmail.com on 13 Sep 2010 at 10:48

GoogleCodeExporter commented 8 years ago
Yes, the consumer-servlet got the warning too.

Maybe the following article can explain the reason

Enabling your application for return URL verification:
http://cakebaker.42dh.com/2008/03/18/enabling-your-application-for-return-url-ve
rification/

Original comment by zhoushu...@gmail.com on 13 Sep 2010 at 6:00

GoogleCodeExporter commented 8 years ago
And I tried using Attribute Exchange extension, retrived the email from yahoo 
without any warning ;-)

Original comment by zhoushu...@gmail.com on 13 Sep 2010 at 6:03

GoogleCodeExporter commented 8 years ago
Yes When i am using Attribute Exchange, I am also not getting the warning.

While Using the Simple Registration, I have got the warning and same time i am 
not getting the email attribute from provider.

Still i have problem with Simple Registartion, I am not able to get "email" 
from MyOpenId and Blogger.

I have verified the code of Consumer Servlet and it looks everything is same.

May be i am missing something.

Thanks,
Ramana.

Original comment by ramanaup...@gmail.com on 13 Sep 2010 at 6:10

GoogleCodeExporter commented 8 years ago
I tried consumer-servlet-0.9.5 and consumer-servlet-0.9.6-SNAPSHOT, that all 
work OK.

Havn't you checked the "detail" on myopenid page while continue to redirect to 
consumer page.

It looks like this:

 You are signing in to localhost:8080/consumer-servlet/consumer as https://hello.myopenid.com/.
Continue »
Options
Include information from profile:
details
Nickname    hello
E-mail  world@example.com
Full Name   hello
Birth Date  2000-01-01
Gender  M
Postal Code     test123
Country     omit
Language    omit
Time Zone   omit/omit
back to localhost:8080/consumer-servlet/consumer
Skip this step next time I sign in to localhost:8080/consumer-servlet/consumer 

Original comment by zhoushu...@gmail.com on 14 Sep 2010 at 3:21

GoogleCodeExporter commented 8 years ago
Hi Ramana,

To get the email or any other details from the myopenid.com, you need to create 
a personas in the myopenid if you have not created it. 

Here is the way to create personas in myopenid.
1. Login to myopenid.com
2. Select your account.
3. Registration Personas.

Now you can create a persona for your account and these persona details will be 
transferred from the myopenid.com to your application (login page).

Original comment by rajendra...@gmail.com on 8 Nov 2010 at 1:50

GoogleCodeExporter commented 8 years ago
I do have a person and am able to authorize information sharing to my site with 
myopenid, however my client is unable to retrieve attributes from myopenid.com. 
It does work with Google, Yahoo, and Blogger providers. With myopenid the 
following verification of the returned URL throws and exception "0x100: 
Required parameter missing: openid.mode" since request.getParameterMap() does 
not contain following required attributes: openid.mode, openid.return_to, 
openid.assoc_handle, openid.signed, openid.sig. Please advise

        ConsumerManager manager = (ConsumerManager) session.getAttribute(SESSION_KEY_MANAGER);
        DiscoveryInformation info = (DiscoveryInformation) session.getAttribute(SESSION_KEY_INFORMATION);

        VerificationResult result = manager.verify((String) session.getAttribute(SESSION_KEY_RETURN_TO),
                new ParameterList(request.getParameterMap()), info);
        Identifier identifier = result.getVerifiedId();

Original comment by ishai...@gmail.com on 10 Feb 2011 at 5:56

GoogleCodeExporter commented 8 years ago
Folks,

All of you have mentioned that the code works for Yahoo and Google. For me the 
fetch for Yahoo always fails.

Things that I don't understand: How do you setup the API Key provided by Yahoo 
authRequest?

Here is my sample code for request...

            // obtain a AuthRequest message to be sent to the OpenID provider
            AuthRequest authReq = manager.authenticate(discovered, returnToUrl);

            // Attribute Exchange example: fetching the 'email' attribute
            FetchRequest fetch = FetchRequest.createFetchRequest();
            /*
            if ("G".equals(httpReq.getParameter("providerType"))) 
            { 
                    fetch.addAttribute("email", "http://axschema.org/contact/email", true); 
                    fetch.addAttribute("firstName", "http://axschema.org/namePerson/first", true); 
                    fetch.addAttribute("lastName", "http://axschema.org/namePerson/last", true); 
            } 
            else if ("Y".equals(httpReq.getParameter("providerType"))) 
            { 
                    fetch.addAttribute("email", "http://axschema.org/contact/email", true); 
                    fetch.addAttribute("fullname", "http://axschema.org/namePerson", true); 
            } 
            */
            fetch.addAttribute("email",
                    // attribute alias
                    "http://schema.openid.net/contact/email",   // type URI
                    true);                                      // required

            fetch.addAttribute("firstname",
                    "http://openid.net/schema/namePerson/first", false);

            fetch.addAttribute("lastname",
                    "http://openid.net/schema/namePerson/last", false);

            // attach the extension to the authentication request
            authReq.addExtension(fetch);

HERE IS MY CODE for Response
------------------------------------------

                if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
                {
                    FetchResponse fetchResp = (FetchResponse) authSuccess
                            .getExtension(AxMessage.OPENID_NS_AX);

                    List emails = fetchResp.getAttributeValues("email");
                    email = (String) emails.get(0);

                    List firstnames = fetchResp.getAttributeValues("firstname");
                    firstname = (String) firstnames.get(0);

                    List lastnames = fetchResp.getAttributeValues("lastname");
                    lastname = (String) lastnames.get(0);

                    List fullnames = fetchResp.getAttributeValues("fullname");
                    fullname = (String) fullnames.get(0);
                }

For Yahoo the hasExtension call always fails.

Any help deeply appreciated, I am just not able to understand how to fix this?

Original comment by jumpsm...@gmail.com on 24 Mar 2011 at 2:21

GoogleCodeExporter commented 8 years ago
Nothing to do at the library level, interop issue with providers' supported 
attribute names.

Original comment by Johnny.B...@gmail.com on 1 Nov 2012 at 2:16