Comments (5)
Fixed now, using different fix however.
Since I'm able to detect the protocol version being used and read the
claimed_id, I've just appended it to the returnUrl.
Thanks for reporting it.
Original comment by [email protected]
on 25 Sep 2010 at 10:21
- Changed state: Fixed
from lightopenid.
Thank you for the quick fix.
In my case http://nhnb.de --> http://nhnb.myopenid.com,
$this->data['openid_op_endpoint'] is set, too. So the code is not executed
because of the "else":
# Even though we should know location of the endpoint,
# we still need to verify it by discovery, so $server is not set here
$params['openid.ns'] = 'http://specs.openid.net/auth/2.0';
- } elseif(isset($this->data['openid_claimed_id'])) {
+ }
+ if(isset($this->data['openid_claimed_id'])) {
# If it's an OpenID 1 provider, and we've got claimed_id,
# we have to append it to the returnUrl, like authUrl_v1 does.
$this->returnUrl .= (strpos($this->returnUrl, '?') ? '&' : '?')
I am not sure if I have messed up something elsewhere. While myopenid and
google work, trying to use Yahoo or AOL ends up with "No server found" (still
need to investigate that further).
Original comment by [email protected]
on 26 Sep 2010 at 5:28
from lightopenid.
authUrl_v1() only appends the openid.claimed_id on delegation, so validate()
has to do the same:
- } elseif(isset($this->data['openid_claimed_id'])) {
+ }
+ if(isset($this->data['openid_claimed_id'])
+ && ($this->data['openid_claimed_id'] !=
$this->data['openid_identity'])) {
Original comment by [email protected]
on 26 Sep 2010 at 5:44
from lightopenid.
Though your fix would break OpenID 2.0, which can contain openid.claimed_id and
it won't be part of return_to.
Anyway, the OP shouldn't return openid_op_endpoint in OpenID 1.1.
I'll try to change detection method and see if this works.
Original comment by [email protected]
on 26 Sep 2010 at 6:21
- Changed state: Started
from lightopenid.
It seems to work now.
By the way, while the bug is valid, you could easily avoid it by using OpenID
2.0 delegation.
Original comment by [email protected]
on 27 Sep 2010 at 11:01
- Changed state: Fixed
from lightopenid.
Related Issues (20)
- version 0.5 example works but not version 0.6 HOT 3
- Ax/SReg Params may be unsigned
- LightOpenId constructor fails when trusted root URL is less than 8 chars
- Problem with curl request on a server
- Missing: A License File HOT 2
- add composer support HOT 1
- wrong mimetype check in openid.php ? HOT 3
- Use Steam as provider HOT 1
- #-comments HOT 6
- returning clamed_id is a wrong approach HOT 5
- magic get/set methods HOT 3
- LightOpenID magic properties do not work with Twig template engine due to lack of __isset
- New release HOT 1
- keep waiting for localhost HOT 2
- Validation fails when there are accent in the required variable HOT 2
- Yahoo OpenID not working on newer versions of PHP/cURL [patch proposed]
- The regular expressions in htmlTag parse some valid responses incorrectly
- Support for OpenID Connect? HOT 1
- How to select eid applet language ?
- Unregistered domain error HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lightopenid.