can't auth to myopenid.com server responds: 'check_authentication' call is not valid"

nbudin / devise_openid_authenticatable

OpenID authentication for Devise

MIT License

99 stars 32 forks source link

can't auth to myopenid.com server responds: 'check_authentication' call is not valid" #7

Closed douglasrw closed 14 years ago

douglasrw commented 14 years ago

So, I've got it authenticating to Google fine, but when I try to use myopenid.com to sign_in (I'm using create_from_identity_url) , it fails.

From my log:

@message="Server http://www.myopenid.com/server responds that the 'check_authentication' call is not valid"

nbudin commented 14 years ago

I think this is likely equivalent to http://github.com/openid/ruby-openid/issues/#issue/1. After some investigation, I was able to figure a workaround. Like the other issue you reported, this is related to the config.middleware.use line in environment.rb:

require 'openid/store/memory'
config.middleware.use "Rack::OpenID", OpenID::Store::Memory.new

This fixes the issue at least in my tests. But it raises some other questions: first, why is this necessary? Using OpenID::Store::Memory is supposed to be the default behavior for the Rack::OpenID middleware. Second, why does this only happen in Rails 3?

I think this must be related to the way Rails 2 initializes Rack middleware. I'll need to investigate further. In the meantime, could you try the workaround above and confirm that it fixes the issue for you?

douglasrw commented 14 years ago

Yes, that works for me. thanks.

nbudin commented 14 years ago

OK, I've figured this out. Rails 2 and 3 treat Rack middleware differently, it seems: in Rails 2, the middleware stack is recreated on each request using the parameters you specified in config/environment.rb. This seems to hold true even in production mode.

This is usually harmless, but Rack::OpenID expects to have a persistent store between requests, so recreating the object with no parameters will break this expectation since it results in a new Memory store being created on initialization. Rails 3 doesn't appear to do it this way: the middleware stack is built a single time and then used for all subsequent requests.

The workaround above fixes this issue because it instantiates the Memory store upfront and then passes in the same instance each time Rack::OpenID is initialized. Unfortunately, this is the best fix I've been able to determine. I'll add this to the README.