I am just playing around with the OpenID protocol. I am trying to send a Discovery request and retrieve the XRDS document from Google. When I try to do it from the terminal using curl, I get the following output:

    curl --url "https://www.google.com/accounts/o8/id"
    <?xml version="1.0" encoding="UTF-8"?>
    <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
      <XRD>
      <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <Type>http://openid.net/srv/ax/1.0</Type>
      <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
      <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
      <Type>http://specs.openid.net/extensions/pape/1.0</Type>
      <URI>https://www.google.com/accounts/o8/ud</URI>
      </Service>
      </XRD>
    </xrds:XRDS>

When I try to do the same from Ruby code, it gives me a 302 error, and the URL to which it has moved points to the same request URL.

    <HTML>
    <HEAD>
    <TITLE>Moved Temporarily</TITLE>
    </HEAD>
    <BODY BGCOLOR="#FFFFFF" TEXT="#000000">
    <H1>Moved Temporarily</H1>
    The document has moved <A HREF="https://www.google.com/accounts/o8/id">here</A>.
    </BODY>
    </HTML>

Code

    require 'net/http'
    require 'net/https'
    require 'uri'

    # Parse the URL once and reuse it for the request
    uri = URI.parse("http://www.google.com/accounts/o8/id")
    response = Net::HTTP.get_response(uri)
    puts "#{response.read_body}"

How can I get the XRDS through the code, and why is it showing different outputs? Can someone explain it? Thanks

+1  A: 

Google expects the https protocol, though in your Ruby example you use http, hence the 302 error. The following snippet should get you the XRDS document:

    require 'net/http'
    require 'net/https'
    require 'uri'

    uri = URI.parse('https://www.google.com/accounts/o8/id')
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    request = Net::HTTP::Get.new(uri.request_uri)
    response = http.request(request)
    puts "#{response.read_body}"

dhofstet
+1  A: 

As you can see, when you fetch the document from Ruby, it returns a 302 status code, which means that you should look for the Location header and follow it, like curl does.

Another answer suggested just hardcoding the valid URL, but that isn't a correct solution, since Google could make it return 302 as well and move the document somewhere else.

Not to mention that you should perform full Yadis discovery instead of hoping that you'll get an XRDS document from the URL (because, for example, Google might decide that it's a good location for an explanation of OpenID, and move the XRDS somewhere else using the X-XRDS-Location header).

Mewp
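
The redirect-following and `X-XRDS-Location` handling described in the last answer, as an added example that is not code from either answer. The `Resp` struct, the injected `fetch` callable, the `op.example` host and the https-only rule are assumptions of this sketch, chosen so it runs offline against constructed responses.

```ruby
require 'uri'

# Constructed stand-in for an HTTP response; not a Net::HTTP class.
Resp = Struct.new(:status, :headers, :body)
XRDS_TYPE = 'application/xrds+xml'

# Header-based Yadis discovery. `fetch` is a callable (url -> Resp) so the
# logic runs offline; in real use it would wrap Net::HTTP with use_ssl = true.
# The HTML <meta http-equiv="X-XRDS-Location"> fallback is omitted here.
def discover_xrds(url, fetch, hops = 5)
  raise 'too many redirects' if hops.zero?
  # Hardening choice of this example: never fetch over plain http, so a
  # redirect or XRDS pointer cannot downgrade the discovery.
  raise "refusing non-https URL: #{url}" unless URI.parse(url).scheme == 'https'

  resp = fetch.call(url)
  headers = resp.headers.transform_keys(&:downcase)
  case resp.status
  when 301, 302, 303, 307
    target = headers['location']
    raise 'redirect without Location header' unless target
    # Resolve relative targets against the current URL, then retry.
    discover_xrds(URI.join(url, target).to_s, fetch, hops - 1)
  when 200
    # The response is the XRDS document itself.
    return resp.body if headers['content-type'].to_s.start_with?(XRDS_TYPE)
    # Otherwise the XRDS lives wherever X-XRDS-Location points.
    pointer = headers['x-xrds-location']
    raise 'no XRDS document advertised' unless pointer
    discover_xrds(URI.join(url, pointer).to_s, fetch, hops - 1)
  else
    raise "unexpected status #{resp.status}"
  end
end

# Constructed responses (op.example is a placeholder host).
PAGES = {
  'https://op.example/id'   => Resp.new(302, { 'Location' => '/id2' }, ''),
  'https://op.example/id2'  => Resp.new(200, { 'Content-Type' => 'text/html',
                                               'X-XRDS-Location' => 'https://op.example/xrds' }, '<html/>'),
  'https://op.example/xrds' => Resp.new(200, { 'Content-Type' => 'application/xrds+xml' }, '<xrds:XRDS/>'),
  'https://op.example/loop' => Resp.new(302, { 'Location' => 'https://op.example/loop' }, ''),
  'https://op.example/down' => Resp.new(302, { 'Location' => 'http://op.example/xrds' }, '')
}.freeze
FETCH = ->(u) { PAGES.fetch(u) }

puts discover_xrds('https://op.example/id', FETCH)
```

The hop limit stops a redirect that points back at itself, and the scheme check rejects a redirect from https to http before any request is made.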