Jamie

Reputation: 371

OpenID Implementation for Google.. 400 Bad Request

So I'm trying to get a grasp of OpenID, and I feel I understand the theory, etc. Now it's come to implementing it. I've got a very basic setup that sends a curl request to the Google provider address:

https://www.google.com/accounts/o8/id

and parses the returned XRDS XML file:

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <Type>http://openid.net/srv/ax/1.0</Type>
      <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
      <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
      <Type>http://specs.openid.net/extensions/pape/1.0</Type>
      <URI>https://www.google.com/accounts/o8/ud</URI>
    </Service>
  </XRD>
</xrds:XRDS>

After retrieving the actual provider for Google from their XRDS document, I redirect using this function:

public function RedirectToEndpoint() {
    // Build the OpenID 2.0 authentication request parameters.
    $params = array();
    $params['openid.mode'] = 'checkid_setup';
    $params['openid.ns'] = 'http://specs.openid.net/auth/2.0';
    $params['openid.claimed_id'] = 'http://specs.openid.net/auth/2.0/identifier_select';
    $params['openid.identity'] = 'http://specs.openid.net/auth/2.0/identifier_select';
    $params['openid.return_to'] = $this->URLs['return_to'];
    $params['openid.realm'] = $this->URLs['realm'];

    // strpos() returns false when there is no '?', so compare against false explicitly.
    $join = strpos($this->URLs['openid_server'], '?') !== false ? '&' : '?';
    $redirect_to = $this->URLs['openid_server'] . $join . $this->array2url($params);
    if (headers_sent()){ // Use JavaScript to redirect if content has been previously sent (not recommended, but safe)
        // json_encode() emits a quoted, escaped JavaScript string literal.
        echo '<script language="JavaScript" type="text/javascript">window.location=';
        echo json_encode($redirect_to, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        echo ';</script>';
    }else{  // Default Header Redirect
        header('Location: ' . $redirect_to);
    }
}

array2url is a simple function which converts the assoc array $params into a string to append to the query string.

The generated URL is:

https://www.google.com/accounts/o8/ud?openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.return_to=http://learn.local/openid/return.php&openid.realm=http://learn.local/openid/index.html&

However, you end up at a page saying the page requested is invalid, and a nice 400 Bad Request. Any ideas?

Upvotes: 2

Views: 769

Answers (1)

Jamie

Reputation: 371

All in all, I couldn't feel more stupid! It came down to setting my realm correctly. I had a realm which led to my return address being out of the available "scope", so to speak. For future people who run into a 400 error, it might be:

$openid->SetReturnAddress(('http://learn.local/openid/return.php')); //.return_to
$openid->SetDomain(('http://learn.local/openid/index.html')); //Realm

A poorly configured realm.. facepalm

It is now...

$openid->SetDomain(('http://learn.local')); //Realm

Upvotes: 3
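The realm/return_to relationship behind this answer can be checked locally before redirecting. The following is an added example, not code from the post or from any OpenID library; it follows the matching rules in section 9.2 of the OpenID Authentication 2.0 specification, and the function name `realm_covers_return_to` is hypothetical.

```php
<?php
// Added example: does openid.realm cover openid.return_to?
// realm_covers_return_to() is a hypothetical helper name.
function realm_covers_return_to(string $realm, string $returnTo): bool
{
    $r = parse_url($realm);
    $u = parse_url($returnTo);
    // Both must be absolute URLs; a realm must not carry a fragment.
    if (!$r || !$u || empty($r['scheme']) || empty($u['scheme'])
        || empty($r['host']) || empty($u['host']) || isset($r['fragment'])) {
        return false;
    }
    // Scheme and (explicit or default) port must be identical.
    $ports = ['http' => 80, 'https' => 443];
    $scheme = strtolower($r['scheme']);
    if (!isset($ports[$scheme]) || $scheme !== strtolower($u['scheme'])) {
        return false;
    }
    if (($r['port'] ?? $ports[$scheme]) !== ($u['port'] ?? $ports[$scheme])) {
        return false;
    }
    // Hosts must be equal, unless the realm starts with the "*." wildcard.
    $rHost = strtolower($r['host']);
    $uHost = strtolower($u['host']);
    if (strpos($rHost, '*.') === 0) {
        $suffix = substr($rHost, 2);
        $hostOk = $uHost === $suffix
            || substr($uHost, -strlen($suffix) - 1) === '.' . $suffix;
    } else {
        $hostOk = $uHost === $rHost;
    }
    if (!$hostOk) {
        return false;
    }
    // return_to path must equal the realm path or sit below it.
    $rPath = $r['path'] ?? '/';
    $uPath = $u['path'] ?? '/';
    if ($uPath === $rPath) {
        return true;
    }
    return strpos($uPath, rtrim($rPath, '/') . '/') === 0;
}

// Realm values from the question and the answer above.
$returnTo = 'http://learn.local/openid/return.php';
foreach (['http://learn.local/openid/index.html', 'http://learn.local'] as $realm) {
    $ok = realm_covers_return_to($realm, $returnTo);
    printf("%-40s %s\n", $realm, $ok ? 'covers return_to' : 'does NOT cover return_to');
}
```

Calling a check like this before building the redirect turns the provider's opaque 400 into a local, explainable configuration error.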
