ZF-6905: Zend_OpenID need support for OpenId Specification 2.0 final

Issue Type:
Improvement
Created:
2009-06-04T13:19:29.000+0000
Last Updated:
2012-02-24T22:41:58.000+0000
Status:
Closed
Fix version(s):
    Reporter:
    buzz lightgear (buzz)
    Assignee:
    Adam Lundrigan (adamlundrigan)
    Tags:
    • Zend_OpenId
    Related issues:
    Attachments:

    Description

    We need the final spec implemented to use openid with yahoo and google accounts!!! Here we found a hack for zend, perhaps this is a solution: http://stackoverflow.com/questions/741345/…

    From the link: Little late to the game but I was able to get this working with some hacks I found around the interwebs.

    First. Yahoo. To get Yahoo working all I had to do was change the JavaScript to use me.yahoo.com instead of just yahoo.com and it worked perfectly with the version of the Zend Framework I'm using. Unfortunately Google still wasn't, so some hacking was in order.

    All of these changes go in Zend/OpenId/Consumer.php

    First, in the _discovery method add the following on the series of preg_match checks that starts at around line 740.

    
} else if (preg_match('/([^<]+)<\/URI>/i', $response, $r)) {
  $version = 2.0;
  $server = $r[1];

    I added this right before the return false; statement that's in the else {} block.

    Second, in the _checkId method you'll need to add 3 new blocks (I haven't dug around enough to know what causes each of these three cases to be called, so I covered all to be on the safe side.

    Inside the $version <= 2.0 block, you'll find an if/else if/else block. In the first if statement ($this->_session !== null) add this to the end:

    
if ($server == 'https://www.google.com/accounts/o8/ud') {
  $this->_session->identity = 'http://specs.openid.net/auth/2.0/identifier_select';
  $this->_session->claimed_id = 'http://specs.openid.net/auth/2.0/identifier_select';
}

    In the else if (defined('SID') block add this to the end:

    
if ($server == 'https://www.google.com/accounts/o8/ud') {
  $_SESSION['zend_openid']['identity'] = 'http://specs.openid.net/auth/2.0/identifier_select';
  $_SESSION['zend_openid']['claimed_id'] = 'http://specs.openid.net/auth/2.0/identifier_select';
}

    And then after the else block (so outside the if/else if/else block all together, but still inside the $version <= 2.0 block) add this:

    
if ($server == 'https://www.google.com/accounts/o8/ud') {
  $params['openid.identity'] = 'http://specs.openid.net/auth/2.0/identifier_select';
  $params['openid.claimed_id'] = 'http://specs.openid.net/auth/2.0/identifier_select';
}

    Comments

    Posted by Alfredo Artiles (aartiles) on 2009-06-28T05:18:23.000+0000

    I have tried this patch and didn't work for me. I am using 1.8.4. I hope to see a solution to authenticate with google and yahoo soon

    Posted by Chris (chris.bisnett) on 2009-07-20T15:51:47.000+0000

    I have found this patch to work for version 1.8.4p1.

    Posted by Satoru Yoshida (satoruyoshida) on 2009-08-03T19:18:38.000+0000

    add code tag

    Posted by Igor (urn) on 2009-09-24T04:00:17.000+0000

    Thanks for the hack. We definately need official support of 2.0 version of OpenId. When will it be..?

    Posted by Niek Bosch (eekhoorn13) on 2010-08-11T09:26:48.000+0000

    I've done this for my own website. It's probably not conform all Zend Framework standards and it lacks unit testing and all that. Nevertheless, it will probably help you a great deal. When I'm more at home in this contributing thing, I'll do more work myself. For now it supports:

    • XRI (not tested in this version)
    • Yadis discovery
    • XRDS document parsing (as is needed for XRI and Yadis)
    • HTML discovery (not changed)

    It works with google and with myopenid.com

    Posted by Torio Farazdagi (torio) on 2010-08-11T10:17:31.000+0000

    Thanks Niek! Will look into the supplied code and accommodate for ZF standards + UTs.

    Posted by DJ (cloakedninjas) on 2010-08-16T04:22:20.000+0000

    While the attached script does allow for authentication with Google, Yahoo - or any other v2.0 provider still won't.

    I've had to ditch ZF in favour of a complete working solution. I'm now using an implementatation from Janrain : http://www.janrain.com/openid-enabled

    Posted by Carlos Rodrigues (carlos.vini) on 2011-07-21T20:12:11.000+0000

    The changes suggested worked for me. But there is a problem when you use a Google Apps domain as the identifier, like this: *https://google.com/accounts/o8/…

    The login() method works fine, but in this case the verify() method is unable to discover the data because Google sends back the identity in a format similar to this: * http://example.com/openid/123456789

    I don't know if its a Google problem, or a Zend problem. But i had to comment the lines below to ignore the discovery on verify().

    /* } else if (!$this->_discovery($id, $discovered_server, $discovered_version)) { $this->_setError("Discovery failed: " . $this->getError()); return false;

                    } else if ((!empty($params['openid_identity']) &&
                            $params["openid_identity"] != $id) ||
                           (!empty($params['openid_op_endpoint']) &&
                            $params['openid_op_endpoint'] != $discovered_server) ||
                           $discovered_version != $version) {
                    $this->_setError("Discovery information verification failed");
                    return false;
                */

    Posted by Adam Lundrigan (adamlundrigan) on 2012-02-24T22:41:58.000+0000

    Closing as "Needs Proposal". If someone wants to step up and implement this for v1.12 please draft an RFC.