yohcop / openid-go Goto Github PK

I added a fmt.Println("This is the endpoint: " + endpoint)

into nonceStore.go inside the Accept method

but it prints empty with no value, is this to be expected?

Could you add extension support for sreg

I have implemented one for myself. I think it is basically modify a bit in function buildRedirectURL under redirect.go.

Running go test from the integration directory results in the following output:

MacBook-Pro:integration doug(master)$ go test
--- FAIL: TestGoogleCom (0.22s)
    discovery_test.go:36: Discovery failed
    discovery_test.go:39: Unexpected endpoint:
    discovery_test.go:42: Unexpected localId:
    discovery_test.go:45: Unexpected claimedId:
FAIL
exit status 1
FAIL    github.com/yohcop/openid-go/integration 1.895s

Both the Google URLs in the test file return HTTP 404 not founds.

$ curl -v https://www.google.com/accounts/o8/ud 2>&1|grep '< HTTP/1.1'
< HTTP/1.1 404 Not Found
$ curl -v https://www.google.com/accounts/o8/id 2>&1|grep '< HTTP/1.1'
< HTTP/1.1 404 Not Found

It appears that Google has dropped OpenID 2.0 support. Probably the solution to this is to remove Google from the integration tests.

I've looked through, and every single fork of https://github.com/fduraffourg/go-openid including the unmaintained master has the same gaping security hole:
The majority of the openid verification is unimplemented and any openid.op_endpoint can be passed in, making the whole process pointless and trivial to bypass.

I would either remove the link from your readme, or at least make a note that every branch (as of right now) is completely insecure.

Using your example I got such error: " Nonce too old" What can I do?

And could you be more specific about your comment:
// For the demo, we use in-memory infinite storage nonce and discovery
// cache. In your app, do not use this as it will eat up memory and never
// free it. Use your own implementation, on a better database system.
// If you have multiple servers for example, you may need to share at least
// the nonceStore between them.

what is "own better implementation"? How to do this? I don't understand quite good meaning of nonce and discovery cache.. sorry.

THank you for any kind of help.

jchen@rousseau> go get github.com/yohcop/openid.go
stat github.com/yohcop/openid.go: no such file or directory

https://groups.google.com/forum/?fromgroups#!topic/golang-nuts/dnOK9j5Fvn4

Is it possible to rename this project to openid-go or the like?

Hi!
Could you please attach some license for your library? I couldn't find anything, and I'd like to know if I could use it in my projects, and under what conditions.
Thanks in advance!

Would you be willing to commit the Apache v2 as a dedicated file (eg: named 'LICENSE')? Apologies for the request, but some legal teams require this for code use.

The example code from Appendix A.4. HTML Identifier Markup doesn't work:

<link rel="openid2.provider openid.server"
      href="http://www.livejournal.com/openid/server.bml"/>

My OID provider provides nickname/email, and I know it's working because GNUSocial is able to retrive them. How do I retrive them with openid-go ?

At https://github.com/yohcop/openid-go/blob/master/normalizer.go#L22

if id comes in as empty string "" this panics with an index out of range instead of returning an error.

Hi,

Can you explain how to use the discovery cache. I see that the cache is not at all used, because while there is a Get in verify.go, there is no Put in the code anywhere. Am I supposed to do the Put myself?

In verify.go - control goes to and discovered is always nil
168 discovered := cache.Get(endpoint)
Then it returns from this block, but I don't see cache.Put anywhere in code.
197 if ep == endpoint {
Are we supposed to Put the discovered url at this point, or do this externally? An example will help greatly.
I am sorry if the question is unclear, and i haven't fully understood the code or protocol, so it may be my flawed understanding, apologies in advance.

I noticed the nonce store is time-based (1 minute lifetime) -- how about also providing a time-based discovery cache ? Am I right that the discovery cache would make changes to the OpenID URI page invisible once the discovered information is cached, at the moment ?

wordpress.com exposes openid.server and openid.delegate rel links, and openid-go complains with LINK with rel=openid2.provider not found -- is there any plan to support the old version ?

I've read somewhere that new wordpress.com blogs will NOT support OpenID at all, but there are many old blogs that will continue to work with the old openid version.

Sorry for using your issues as a way to do this, but just wondering if you wanted to link to it from your readme or anything, I've created a package https://github.com/Gacnt/gormid so that users can easily use gorm to store their nonces / discovery caches in any type of database that gorm supports e.g. mysql/postgres/sqlite and more.

I also made a SQLX adapter
https://github.com/Gacnt/sqlxid

$ go get github.com/yohcop/openid.go/src/openid
package exp/html: unrecognized import path "exp/html"

$ go version
go version go1.1.2 linux/amd64

https://github.com/yohcop/openid-go/blob/master/_example/server.go#L52-L54

I want here detailed example. In this case, I do not know what to definition in fullurl and discoveryCache, nonceStore.