CODEWITHSUNDEEP
phpopenidsingle-sign-onlightopenid
Yoz
Yoz

Reputation: 990

No OpenID Server found at https://www.google.com/accounts/o8/id

Interesting enough I am using the same .php scripts on two different servers (a.com, b.com) with different results, I guess those have different configurations. While on a.com I am able to go through SSO process nicely, the b.com throws "No OpenID Server found at https://www.google.com/accounts/o8/id".

my php script looks as following:

$openid = new LightOpenID($_SERVER["HTTP_HOST"]);
$openid->required = array
(
    'contact/email',
    'namePerson/first',
    'namePerson/last'
);
if(!$openid->mode)
{
    $openid->identity = 'https://www.google.com/accounts/o8/id';
    header('Location: ' . $openid->authUrl());
}

in b.com the line $openid->authUrl() throws an error saying: No OpenID Server found at https://www.google.com/accounts/o8/id

What server configuration may cause this isse?

Upvotes: 4

Views: 4762

Answers (2)

tony gil
tony gil

Reputation: 9554

Google has discontinued OpenID support and as of July 22nd 2015 has removed this endpoint.

The approved solution/answer has become obsolete.

Please migrate to OAuth. If using a client (javascript) login, this tutorial by google comes with a fully functional example.

this code below is another fully functional example (just tested it), but it goesone step further and integrates with a server side PHP script. please substitute your own CLIENT ID (as defined in your google developer console) and YOURDOMAIN.COM (in php).

<html lang="en">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <head>
    <meta name="google-signin-scope" content="profile email">
    <meta name="google-signin-client_id" content="1111111111111111111-11111111111111111111111111111111111.apps.googleusercontent.com">
    <script src="https://apis.google.com/js/platform.js" async defer></script>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js">
    </script>
    <script>
      function signOut() {
        var auth2 = gapi.auth2.getAuthInstance();
        auth2.signOut().then(function () {
            console.log('User signed out.');
            userDataClear();
        });
      }
      function disassociate() {
        var auth2 = gapi.auth2.getAuthInstance();
        auth2.disconnect().then(function () {
            console.log('User disconnected from association with app.');
            userDataClear();
        });
      }
      function onSignIn(googleUser) {
            // Useful data for your client-side scripts:
            var profile = googleUser.getBasicProfile();
            console.log("ID: " + profile.getId()); // Don't send this directly to your server!
            // The ID token you need to pass to your backend:
            var id_token = googleUser.getAuthResponse().id_token;
            var xhr = new XMLHttpRequest();
            xhr.open('POST', 'http://YOURDOMAIN.COM/twoStep02.php');
            xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
            xhr.onload = function() {
                console.log('NEW Signed in Google Client ID: ' + xhr.responseText);
            };
        xhr.send('idtoken=' + id_token);
            console.log("ID Token: " + id_token);
            userDataDisplay(profile);
      }
      function userDataDisplay(profile) {
        document.getElementById("foto").innerHTML = '<img src="' + profile.getImageUrl() + '"></img>';
        document.getElementById("email").innerHTML = profile.getEmail();
        document.getElementById("nome").innerHTML = profile.getName();
      }
      function userDataClear() {
        document.getElementById("foto").innerHTML = ' ';
        document.getElementById("email").innerHTML = ' ';
        document.getElementById("nome").innerHTML = ' ';
      }
   </script>
  </head>
  <body>
    <div id="login-button" class="g-signin2" data-onsuccess="onSignIn" data-theme="dark"></div>
    <div><a href="/#" onclick="signOut();">Sign out</a></div>
    <div><a href="/#" onclick="disassociate();">Disassociate App and Site (easily undone)</a></div>
    <div id="foto"></div>
    <div id="nome"></div>
    <div id="email"></div>
  </body>
</html>

and this is the php side to the jquery/ajax call (twoStep.php)

<?php

    $idToken = $_POST["idtoken"];
    $url = 'https://www.googleapis.com/oauth2/v3/tokeninfo?id_token='.$idToken;
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);
    $json = json_decode($response, true);
    curl_close($ch);

    $userEmail = $json["email"];
    $clientId = $json["azp"];
    print_r($json); // returns array console readable

?>

HINT 4 newbies: read console output by rightclicking on any element of the page and choosing "inspect element", then changing to CONSOLE tab.

Upvotes: 3

Yoz
Yoz

Reputation: 990

Luckily, server admins were able to quickly discover the config difference in php configuration allow_url_fopen = 1 solved the issue

Upvotes: 3

Related Questions