Closed GoogleCodeExporter closed 8 years ago
Fixed now, using different fix however.
Since I'm able to detect the protocol version being used and read the
claimed_id, I've just appended it to the returnUrl.
Thanks for reporting it.
Original comment by mewp...@gmail.com
on 25 Sep 2010 at 10:21
Thank you for the quick fix.
In my case http://nhnb.de --> http://nhnb.myopenid.com,
$this->data['openid_op_endpoint'] is set, too. So the code is not executed
because of the "else":
# Even though we should know location of the endpoint,
# we still need to verify it by discovery, so $server is not set here
$params['openid.ns'] = 'http://specs.openid.net/auth/2.0';
- } elseif(isset($this->data['openid_claimed_id'])) {
+ }
+ if(isset($this->data['openid_claimed_id'])) {
# If it's an OpenID 1 provider, and we've got claimed_id,
# we have to append it to the returnUrl, like authUrl_v1 does.
$this->returnUrl .= (strpos($this->returnUrl, '?') ? '&' : '?')
I am not sure if I have messed up something elsewhere. While myopenid and
google work, trying to use Yahoo or AOL ends up with "No server found" (still
need to investigate that further).
Original comment by HendrikU...@nexgo.de
on 26 Sep 2010 at 5:28
authUrl_v1() only appends the openid.claimed_id on delegation, so validate()
has to do the same:
- } elseif(isset($this->data['openid_claimed_id'])) {
+ }
+ if(isset($this->data['openid_claimed_id'])
+ && ($this->data['openid_claimed_id'] !=
$this->data['openid_identity'])) {
Original comment by HendrikU...@nexgo.de
on 26 Sep 2010 at 5:44
Though your fix would break OpenID 2.0, which can contain openid.claimed_id and
it won't be part of return_to.
Anyway, the OP shouldn't return openid_op_endpoint in OpenID 1.1.
I'll try to change detection method and see if this works.
Original comment by mewp...@gmail.com
on 26 Sep 2010 at 6:21
It seems to work now.
By the way, while the bug is valid, you could easily avoid it by using OpenID
2.0 delegation.
Original comment by mewp...@gmail.com
on 27 Sep 2010 at 11:01
Original issue reported on code.google.com by
HendrikU...@nexgo.de
on 25 Sep 2010 at 9:14