tags:

views:

266

answers:

3

i developed a login form that allows the use of openID. Works fine for most users, but this user has a .mp address. The openID connection keeps on failing.

i tracked down the .mp domain to the provider http://chi.mp (yeah, i know).

I use the simpleOpenId php class to perform the connexion. It returns no error, just dies silently.

Anybody has idea on where this issue comes from?

UPDATE:

As suggested, i've set up the Janrain library at http://openidenabled.com/php-openid/ as that works with OpenID 2.x.

Alas, same goes here: login in using .. works, but .mp does not. It says "Authentication error; not a valid OpenID."

You can try it for yourself here.

+2  A: 

Is suspect it may be due to a differing OpenID protocol (if you can't login via OpenID using your Google Account, then this is a key sign). Try using the Janrain library at http://openidenabled.com/php-openid/ as that works with OpenID 2.x

Richy C.
you mean Google Account like [email protected] ?
pixeline
That is correct.
Richy C.
i've updated the question with the result of my trying your suggestion.
pixeline
Thanks - I've just setup a chi.mp account and tried logging into a (slightly modified version - PHP 5.3 fixes an debug logging mainly-still testing the changes though) of the Janrain library on http://www.mangahigh.com and it works without problems, but not yours. I assume your server is able to make outbound requests on port 80 and 443?
Richy C.
hi Richy, i would assume so, but could you tell me how can I verify that?
pixeline
ok, i' ve asked on another thread and it turns out i can fetch pages via http but not via https. Could that be it ?
pixeline
If you have SSH access to the server, the easiest way would be to try something like "wget https://mail.google.com/" or "lynx https://mail.google.com/" - if they don't work, but using http instead of http does work, then that's your problem. If you haven't got SSH access, you could just add a call to curl in PHP to test.If outbound https is blocked from your server, this is probably the cause of your difficulties, but if you contact your server admin and ask them to "Allow TCP outbound from port 443 (https) to all", then this should get things working for you.
Richy C.
+2  A: 

It looks like there is a newer version of the openid class your using. Take a look here: http://extremeswank.com/simpleopenid.html (It says version 1.2 where your link does not specify).

I tested the class you linked to and it had definite issues with any Identity url that has a "https://" prefix. It is seems to be broken for google openid and will convert "http**s**://www.google.com/accounts/o8/id" into "http://www.google.com/accounts/o8/id" which fails. Even the version 1.2 class fails the same way.

I think i would shop around for another php openid library here: http://openid.net/developers/libraries/

Tim Santeford
Tim is right, it looks to me like the library itself is broken. I would switch libraries.
Bob Aman
Tried that. I've updated the question with new updates.
pixeline
hi Tim, i downvoted because the class itself didn't seem to be the use as per my test (using it on another server machine worked fine): but i somewhow missed the "https is the issue" part of your reply. It turns out it is my server curl implementation that breaks https requests ! SO does not allow me to reupvote it unless your answer is edited. So please edit it and i'll reupvote it. Sorry for the misuse.
pixeline
A: 

I'll post the full explanation. The bounty should be splitted to go both to Tim Santeford and Richy C. Because it's thanks to their inputs and advises that i could nail down the issue.

I have no experience with bounties so i hope i can do that, or have the moderator do that.

As for the answer:

The reason why login in with some openid would work and others not was that those not working where openid redirecting to a https url. Yet, my server had libcurl compiled with the https Protocol disabled.

Enabling it makes the openid login works seamlessly.

pixeline