I am messing around with WebFinger and trying to create a small Rails app that enables a user to log in using nothing but their WebFinger account. I can successfully finger myself, and I get back an XRD file with the following snippet:

<Link rel="http://specs.openid.net/auth/2.0/provider" href="http://www.google.com/profiles/{redacted}"/>

Which, to me, reads, "I have an OpenID 2.0 login at the url: http://www.google.com/profiles/{redacted}". But when I try to use that URL to log in, I get the following error:

OpenID::DiscoveryFailure (Failed to fetch identity URL http://www.google.com/profiles/{redacted} : Error encountered in redirect from http://www.google.com/profiles/{redacted}: Error fetching /profiles/{Redacted}: Connection refused - connect(2)):

When I replace the profile URL with 'https://www.google.com/accounts/o8/id', the login works perfectly.

Here is the code that I am using (I'm using RedFinger as a plugin, and JanRain's ruby-openid, installed without the gem):

require "openid"
require 'openid/store/filesystem.rb'

class SessionsController < ApplicationController
  def new
    @session = Session.new
    #render a textbox requesting a webfinger address, and a submit button
  end

  def create
#######################
#
#  Pay Attention to this section right here
#
#######################
    #use given webfinger address to retrieve openid login
    finger = Redfinger.finger(params[:session][:webfinger_address])
    openid_url = finger.open_id.first.to_s
    #openid_url is now: http://www.google.com/profiles/{redacted}

    #Get needed info about the acquired OpenID login
    file_store = OpenID::Store::Filesystem.new("./noncedir/")
    consumer = OpenID::Consumer.new(session,file_store)
    response = consumer.begin(openid_url)  #ERROR HAPPENS HERE

    #send user to OpenID login for verification
    redirect_to response.redirect_url('http://localhost:3000/','http://localhost:3000/sessions/complete')
  end

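  def complete
    #interpret return parameters
    file_store = OpenID::Store::Filesystem.new("./noncedir/")
    consumer = OpenID::Consumer.new(session,file_store)
    #complete takes the query parameters and the URL this request arrived at (the return_to URL);
    #drop Rails' own routing parameters so only the provider's response is checked
    openid_params = params.except(:controller, :action)
    response = consumer.complete(openid_params, 'http://localhost:3000/sessions/complete')
    case response.status
    when OpenID::SUCCESS
      session[:openid] = response.identity_url
      #redirect somewhere here
    end
  end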
end

Is it possible for me to use the URL I received from my WebFinger to log in with OpenID?

A: 

Yes, absolutely. Though I haven't released the source code (yet), you can test this out on webfinger.org. The implementation is basically as you describe. I'm not sure why your login example isn't working, unfortunately.

Blaine Cook
haha, that's where I had been testing things out :) Now I just need to figure out why the system is having problems fetching the address I give it
Ryan
Hey, when I log in on your site, it looks like I'm being redirected to https://www.google.com/accounts/o8/id Do you know if you are redirecting there, or if it's Google reredirecting there?
Ryan
google.com/accounts/o8/id is/was the common OpenID identifier for Google's OpenID accounts. If I remember correctly, it's the identifier that webfinger.org uses by default for GMail accounts.
Blaine Cook
When I use webfinger, it's giving me www.google.com/profiles/{my account name}. Are you just ignoring that and using https://google.com/accounts/o8/id ?
Ryan
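
An added example, not part of the original question or answers and not RedFinger's or ruby-openid's own code: pulling the `http://specs.openid.net/auth/2.0/provider` links out of an XRD and checking each href before it is handed to `consumer.begin`, since the href is supplied by a remote server. The helper names and the sample XRD (hosts, account name) are constructed for illustration.

```ruby
require 'rexml/document'
require 'uri'
require 'ipaddr'

XRD_NS = 'http://docs.oasis-open.org/ns/xri/xrd-1.0'
OPENID2_PROVIDER_REL = 'http://specs.openid.net/auth/2.0/provider'

# Constructed sample XRD, not real WebFinger output.
SAMPLE_XRD = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
    <Subject>acct:example-user@example.com</Subject>
    <Link rel="http://webfinger.net/rel/profile-page" href="http://www.example.com/profiles/example-user"/>
    <Link rel="http://specs.openid.net/auth/2.0/provider" href="http://www.example.com/profiles/example-user"/>
    <Link rel="http://specs.openid.net/auth/2.0/provider" href="http://127.0.0.1:3000/internal"/>
    <Link rel="http://specs.openid.net/auth/2.0/provider" href="/relative/path"/>
  </XRD>
XML

# Hrefs of every XRD <Link> whose rel equals the requested relation.
def xrd_links(xrd_xml, rel)
  root = REXML::Document.new(xrd_xml).root
  return [] unless root && root.name == 'XRD' && root.namespace == XRD_NS
  links = root.elements.select do |el|
    el.name == 'Link' && el.namespace == XRD_NS && el.attributes['rel'] == rel
  end
  links.map { |el| el.attributes['href'] }.compact
rescue REXML::ParseException
  []
end

# Accept only absolute http(s) URLs whose host is not "localhost"
# or a loopback / private / link-local IP literal.
def safe_openid_url?(href)
  uri = URI.parse(href)
  return false unless uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?
  return false if uri.host.downcase == 'localhost'
  begin
    ip = IPAddr.new(uri.hostname)
    return false if ip.loopback? || ip.private? || ip.link_local?
  rescue IPAddr::Error
    # host is a DNS name, not an IP literal
  end
  true
rescue URI::InvalidURIError
  false
end

def openid_candidates(xrd_xml)
  xrd_links(xrd_xml, OPENID2_PROVIDER_REL).select { |h| safe_openid_url?(h) }
end
```

The host check covers IP literals only; a DNS name that resolves to an internal address has to be caught where the HTTP fetch is made.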