From kevin at janrain.com Wed Sep 5 18:16:55 2007 From: kevin at janrain.com (Kevin Turner) Date: Wed, 05 Sep 2007 18:16:55 -0700 Subject: draft 12 implementation in python-openid Message-ID: <1189041415.25207.70.camel@localhost> http://openidenabled.com/files/python-openid/packages/python-openid-openid-2.0-draft12.tar.bz2 is a snapshot of our python-openid library. Josh and I have been working on it, and we think we've got draft 12 implemented now. Now we need some integration testing with other implementations. There are live examples for both RP and provider at http://openidenabled.com/python-openid/trunk/examples/ Please try it against any other draft 12 implementations you know of, and let us know how it goes. And if you can point us to online instances of those implementations, please do. Thanks, - Kevin Turner -- keturn on https://pibb.com/go/openid and irc.freenode.net#openid From openid at ryanb.org Thu Sep 6 03:13:14 2007 From: openid at ryanb.org (Ryan Barrett) Date: Thu, 6 Sep 2007 03:13:14 -0700 (PDT) Subject: patch: small crash fix for python 2.0.0rc2 library (fwd) Message-ID: here's another small patch for the python library. i originally sent it to patches at openidenabled.com, but it bounced. i guess only darcs send is allowed to send to that address. not a problem... -Ryan -- http://snarfed.org/ ---------- Forwarded message ---------- Date: Thu, 6 Sep 2007 03:06:55 -0700 (PDT) From: Ryan Barrett To: patches at openidenabled.com Cc: Anton Romanov Subject: small crash fix patch against 2.0.0rc2 hi guys! here's a fix that prevents crashes when there are empty URL parameters. i was seeing the crashes in the openid server code, using the example consumer in with 2.0.0rc2. thanks to antom romanov, cc'ed, for pointing me to the problem. anton, you'll want to apply this fix instead of just commenting out the encoding lines. the patch is against 2.0.0rc2, but oidutil.py in darcs head hasn't really changed at all since then, so it should still apply cleanly. diff -rc python-openid-2.0.0-rc2.orig/openid/oidutil.py python-openid-2.0.0-rc2/openid/oidutil.py *** python-openid-2.0.0-rc2.orig/openid/oidutil.py Tue Apr 3 14:56:14 2007 --- python-openid-2.0.0-rc2/openid/oidutil.py Thu Sep 6 02:54:01 2007 *************** *** 100,109 **** # about the encodings of plain bytes (str). i = 0 for k, v in args: ! if type(k) is not str: k = k.encode('UTF-8') ! if type(v) is not str: v = v.encode('UTF-8') args[i] = (k, v) --- 100,109 ---- # about the encodings of plain bytes (str). i = 0 for k, v in args: ! if k and isinstance(k, unicode): k = k.encode('UTF-8') ! if v and isinstance(v, unicode): v = v.encode('UTF-8') args[i] = (k, v) -Ryan -- http://snarfed.org/ From laurent.piguet at gmail.com Thu Sep 6 07:48:10 2007 From: laurent.piguet at gmail.com (Laurent Piguet) Date: Thu, 06 Sep 2007 16:48:10 +0200 Subject: Trust Once vs Trust Forever, what's the difference? Message-ID: <46e0132c.11355e0a.40fa.ffffdfc8@mx.google.com> Hi, I am new to OpenID, which I found to be just the right thing to implement a lightweight SSO solution for several web applications. So, I have installed the PHP Standalone Server (under PHP5), which works just fine. There is one thing I am curious about: it seems that no matter which button I select between "allow once" or "allow forever", the system *always* asks me to confirm whether I want to confirm my identity to a site I am connecting to. I would expect that if I select "trust forever", I should never have to make that selection ever again for this one site. I have verified that the site in question is in the database, marked as 'trustable', so I am confused. Is this normal behaviour, and I am misunderstanding something, or might there be an issue with the server, or my particular instance of it? Thank you, Laurent From jm at mayfirst.org Thu Sep 6 08:09:50 2007 From: jm at mayfirst.org (Jamie McClelland) Date: Thu, 6 Sep 2007 11:09:50 -0400 Subject: Trust Once vs Trust Forever, what's the difference? In-Reply-To: <46e0132c.11355e0a.40fa.ffffdfc8@mx.google.com> References: <46e0132c.11355e0a.40fa.ffffdfc8@mx.google.com> Message-ID: <20070906150950.GC10090@mayfirst.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu Sep 06, Laurent Piguet wrote: > Hi, > > I am new to OpenID, which I found to be just the right thing to > implement a lightweight SSO solution for several web applications. > So, I have installed the PHP Standalone Server (under PHP5), which > works just fine. > > There is one thing I am curious about: it seems that no matter which > button I select between "allow once" or "allow forever", the system > *always* asks me to confirm whether I want to confirm my identity to > a site I am connecting to. I would expect that if I select "trust > forever", I should never have to make that selection ever again for > this one site. > > I have verified that the site in question is in the database, marked > as 'trustable', so I am confused. > > Is this normal behaviour, and I am misunderstanding something, or > might there be an issue with the server, or my particular instance of it? Thanks for posting this problem. Me too! I have noticed a slightly different behavior than you describe. In my experience, "Allow Forever" actually means "Allow for the duration of your OpenID provider login." In other words, as long as I'm logged into my OpenID Provider, the Allow Forever is respected. However, if I choose Allow Once, then I will need to confirm every time I log into that consumer. However, once I log out of the Provider, then I have to start over again. Personally - I don't think Allow for the duration of this session is very useful. I'd like to see the button remain "Allow Forever" and have it actually allow forever. jamie - -- Jamie McClelland 718-303-3204 ext. 101 May First/People Link Growing networks to build a just world http://www.mayfirst.org Members Local 1180, Communications Workers of America, AFL-CIO PGP Key: http://mayfirst.org/jamie-pgp -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG4Bg+nq83YnbMBX0RAiZzAJ953FjJ8ChsC1QLCGwyxF7dxPuu9gCfacH3 Tsyg9Pc9NU3+yUdczexKEEE= =++Xu -----END PGP SIGNATURE----- From norman at rasmussen.co.za Thu Sep 6 08:30:16 2007 From: norman at rasmussen.co.za (Norman Rasmussen) Date: Thu, 6 Sep 2007 17:30:16 +0200 Subject: Trust Once vs Trust Forever, what's the difference? In-Reply-To: <20070906150950.GC10090@mayfirst.org> References: <46e0132c.11355e0a.40fa.ffffdfc8@mx.google.com> <20070906150950.GC10090@mayfirst.org> Message-ID: <5b698f5a0709060830y30afb1f4n9f458afd81494708@mail.gmail.com> On 9/6/07, Jamie McClelland wrote: > > Personally - I don't think Allow for the duration of this session is very > useful. I'd like to see the button remain "Allow Forever" and have it > actually > allow forever. As far as I've seen, Allow Forever should store the site's url in the database and never ask again. Obviously you have to re-login, but it should be automatic after that. I haven't checked the few ID url's that I use, but I bet that some of them (including the standalone PHP server) have bugs in them that need to be fixed. -- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070906/1b276ce2/attachment.html From Ashley at demoxi.com Thu Sep 6 09:53:46 2007 From: Ashley at demoxi.com (Ashley Pond) Date: Thu, 6 Sep 2007 09:53:46 -0700 Subject: No subject Message-ID: <420A6A97F3739B43B7017D5E764CC0EA022309@argon.Demoxi.local> Hi all. [First post, just joined. Checked archives. Tried to RTfriendlyM] I'm trying without success to use the Consumer (Relying Party) PHP example from this library -- http://www.openidenabled.com/php-openid/ I've tried both posted versions, 1 and 2. Neither works in my setup/environment. They both fail on valid OpenIDs with the error "Expected an OpenID URL." The main Server I've been testing against is myopenid.com. I'm not a PHP guy but I can read the code pretty well. The problem is somewhere in Auth_Yadis_ParanoidHTTPFetcher. The fetches are just failing. They fail with curl installed and accessible and without. Fail with PHP 4 and 5. This is some extra info according to the detect script: "Your PHP installation does not include big integer math support. This support is required if you wish to run a secure OpenID server without using SSL." With curl: --- This PHP installation has support for libcurl. Good. Fetching URL failed! ---- Without curl: ---- "An HTTP request was completed. Got instead of the expected HTTP status code (200). An unexpected URL was returned: <>. Unexpected data was returned." ---- For the first one, I tried manually defining Auth_OpenID_NO_MATH_SUPPORT true, though I think the code does that in the background if there is bad math support. No dice. For the second...? Is this because it's trying to return an HTTPS that can't be handled? Is there a Server/Provider I can test against that does not use HTTPS to see if that's the problem? Any ideas on where to look or what I need to install would be greatly appreciated. -Ashley -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070906/f9e943cf/attachment.htm From kevin at janrain.com Thu Sep 6 11:47:48 2007 From: kevin at janrain.com (Kevin Turner) Date: Thu, 06 Sep 2007 11:47:48 -0700 Subject: php fetcher failure ("expected an OpenID URL") In-Reply-To: <420A6A97F3739B43B7017D5E764CC0EA022309@argon.Demoxi.local> References: <420A6A97F3739B43B7017D5E764CC0EA022309@argon.Demoxi.local> Message-ID: <1189104468.25207.78.camel@localhost> This makes me wonder -- can you fetch *anything* with curl in that environment? Or is there some dns misconfiguration or firewalling that prevents you from doing so? It won't need to fetch HTTPS for myopenid.com identities unless you explicitly specify the 'https://' prefix, so that's probably a red herring. On Thu, 2007-09-06 at 09:53 -0700, Ashley Pond wrote: > Hi all. [First post, just joined. Checked archives. Tried to > RTfriendlyM] > > I'm trying without success to use the Consumer (Relying Party) PHP > example from this library -- http://www.openidenabled.com/php-openid/ > > I've tried both posted versions, 1 and 2. Neither works in my > setup/environment. They both fail on valid OpenIDs with the error > "Expected an OpenID URL." The main Server I've been testing against is > myopenid.com. [...] From Ashley at demoxi.com Thu Sep 6 12:18:22 2007 From: Ashley at demoxi.com (Ashley Pond) Date: Thu, 6 Sep 2007 12:18:22 -0700 Subject: php fetcher failure ("expected an OpenID URL") Message-ID: <420A6A97F3739B43B7017D5E764CC0EA02230D@argon.Demoxi.local> Seems to work fine. I just tried it from the shell and from a little dummied up Perl two-line CGI. Any other ideas or debugging strategies? Thanks! -Ashley -----Original Message----- From: dev-bounces at lists.openidenabled.com on behalf of Kevin Turner Sent: Thu 9/6/2007 11:47 AM To: discuss OpenID libraries and development Subject: Re: php fetcher failure ("expected an OpenID URL") This makes me wonder -- can you fetch *anything* with curl in that environment? Or is there some dns misconfiguration or firewalling that prevents you from doing so? It won't need to fetch HTTPS for myopenid.com identities unless you explicitly specify the 'https://' prefix, so that's probably a red herring. On Thu, 2007-09-06 at 09:53 -0700, Ashley Pond wrote: > Hi all. [First post, just joined. Checked archives. Tried to > RTfriendlyM] > > I'm trying without success to use the Consumer (Relying Party) PHP > example from this library -- http://www.openidenabled.com/php-openid/ > > I've tried both posted versions, 1 and 2. Neither works in my > setup/environment. They both fail on valid OpenIDs with the error > "Expected an OpenID URL." The main Server I've been testing against is > myopenid.com. [...] _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3327 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070906/e613268b/attachment.bin From kevin at janrain.com Thu Sep 6 12:56:10 2007 From: kevin at janrain.com (Kevin Turner) Date: Thu, 06 Sep 2007 12:56:10 -0700 Subject: patch: small crash fix for python 2.0.0rc2 library (fwd) In-Reply-To: References: Message-ID: <1189108570.25207.91.camel@localhost> On Thu, 2007-09-06 at 03:13 -0700, Ryan Barrett wrote: > hi guys! here's a fix that prevents crashes when there are empty URL > parameters. i was seeing the crashes in the openid server code, using the > example consumer in with 2.0.0rc2. How is this being triggered? Under what conditions are empty URL parameters valid input to this function? And presumably by "empty" you do not mean the empty string, but None? The documentation specifies a type of {str: str}, and I'm trying to determine if there's a compelling case for None to be valid input at all. But thank you for the patch. The reason why patches@ didn't work for you is because we haven't set up that alias yet. :-/ I've also created http://trac.openidenabled.com/trac/ticket/21 for this issue. From Ashley at demoxi.com Thu Sep 6 13:32:47 2007 From: Ashley at demoxi.com (Ashley Pond) Date: Thu, 6 Sep 2007 13:32:47 -0700 Subject: php fetcher failure ("expected an OpenID URL") Message-ID: <420A6A97F3739B43B7017D5E764CC0EA02230F@argon.Demoxi.local> I have to retract my previous statement. curl works ONLY if it's requesting from a host that is also on the same provider. It's failing for pretty much everything else. So, thanks! That looks like the problem; the host is blocking traffic somewhere or other for just about all TCP/FTP/HTTP tools. -Ashley -----Original Message----- From: dev-bounces at lists.openidenabled.com on behalf of Ashley Pond Sent: Thu 9/6/2007 12:18 PM To: discuss OpenID libraries and development Subject: RE: php fetcher failure ("expected an OpenID URL") Seems to work fine. I just tried it from the shell and from a little dummied up Perl two-line CGI. Any other ideas or debugging strategies? Thanks! -Ashley -----Original Message----- From: dev-bounces at lists.openidenabled.com on behalf of Kevin Turner Sent: Thu 9/6/2007 11:47 AM To: discuss OpenID libraries and development Subject: Re: php fetcher failure ("expected an OpenID URL") This makes me wonder -- can you fetch *anything* with curl in that environment? Or is there some dns misconfiguration or firewalling that prevents you from doing so? It won't need to fetch HTTPS for myopenid.com identities unless you explicitly specify the 'https://' prefix, so that's probably a red herring. On Thu, 2007-09-06 at 09:53 -0700, Ashley Pond wrote: > Hi all. [First post, just joined. Checked archives. Tried to > RTfriendlyM] > > I'm trying without success to use the Consumer (Relying Party) PHP > example from this library -- http://www.openidenabled.com/php-openid/ > > I've tried both posted versions, 1 and 2. Neither works in my > setup/environment. They both fail on valid OpenIDs with the error > "Expected an OpenID URL." The main Server I've been testing against is > myopenid.com. [...] _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3575 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070906/d637fbdc/attachment-0001.bin From wispernet at gmail.com Thu Sep 6 21:51:44 2007 From: wispernet at gmail.com (Sean McGrath) Date: Fri, 7 Sep 2007 16:51:44 +1200 Subject: Auth_OpenID::fixargs() render problem in PHP Standalone OpenID Server Message-ID: Hi, I've just setup JanRain's PHP Standalone OpenID Server, and everything on my server appears to work fine. However, when i try to log into a site (eg http://iwantmyopenid.org/) i get this error message from my server: *Fatal error*: Call to ftp://ftp. method Auth_OpenID::fixargs() in * /home/wipash/public_html/openidserver/src/render.php* on line *385 *What's the issue here? How do i fix this? -- Sean -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070907/117dfa37/attachment.html From yhkim at kt.co.kr Thu Sep 6 23:56:15 2007 From: yhkim at kt.co.kr (=?ks_c_5601-1987?B?sei/tcflW8fBt87Bp8auILHXt+xd?=) Date: Fri, 7 Sep 2007 15:56:15 +0900 Subject: No XML parser was found in xxx/XML.php on line 366 Message-ID: <43ff001c7f11c$2eea6500$e72a0693@oasys.kt.co.kr> I am trying consumer of PHP OpenID Library 2.0.0-rc2. I have this error: No XML parser was found in /xxx/yyy/zzz/openid/Auth/Yadis/XML.php on line 366 XML infomations in server's phpinfo() are ... XML Support active XML Namespace Support active EXPAT Version 1.95.6 PHP Version 4.3.10 How can I solve this problem? Could you give me any clues? Thanks! Y.H. Kim -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070907/a410dbf1/attachment.htm From cygnus at janrain.com Fri Sep 7 00:21:34 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Fri, 7 Sep 2007 00:21:34 -0700 Subject: Auth_OpenID::fixargs() render problem in PHP Standalone OpenID Server In-Reply-To: References: Message-ID: <20070907072133.GB16960@janrain.com> # *Fatal error*: Call to ftp://ftp. method Auth_OpenID::fixargs() in * # /home/wipash/public_html/openidserver/src/render.php* on line *385 I'm having trouble making sense of that error. fixArgs() doesn't do any dynamic method-calling, and neither does the calling code in render.php. And where is "ftp://ftp." coming from? Perhaps you're wondering the same thing. Could you do some debugging to figure out what $request contains? That would be helpful. Does this happen with all RPs, or specific ones? If specific, which ones? What version of the PHP OpenID library is this on? I know from the usage of fixArgs() that it's OpenID 1.x.x, but I don't know which version. What version of PHP is this on? Thanks! -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From cygnus at janrain.com Fri Sep 7 00:24:09 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Fri, 7 Sep 2007 00:24:09 -0700 Subject: No XML parser was found in xxx/XML.php on line 366 In-Reply-To: <43ff001c7f11c$2eea6500$e72a0693@oasys.kt.co.kr> References: <43ff001c7f11c$2eea6500$e72a0693@oasys.kt.co.kr> Message-ID: <20070907072409.GC16960@janrain.com> # XML infomations in server's phpinfo() are ... # # XML Support active # XML Namespace Support active # EXPAT Version 1.95.6 In particular, do you have the "domxml" extension installed (and loaded)? If not, what is installed? -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From openid at ryanb.org Fri Sep 7 09:43:19 2007 From: openid at ryanb.org (Ryan Barrett) Date: Fri, 7 Sep 2007 09:43:19 -0700 (PDT) Subject: patch: small crash fix for python 2.0.0rc2 library (fwd) In-Reply-To: <1189108570.25207.91.camel@localhost> References: <1189108570.25207.91.camel@localhost> Message-ID: On Thu, 6 Sep 2007, Kevin Turner wrote: > How is this being triggered? Under what conditions are empty URL parameters > valid input to this function? And presumably by "empty" you do not mean the > empty string, but None? The documentation specifies a type of {str: str}, > and I'm trying to determine if there's a compelling case for None to be > valid input at all. sure, that's reasonable. if you leave it as is, though, you'll need to change its callers to check for None URL params. that's probably more trouble than making appendArgs handle them gracefully. anyway, here's the warning message and stacktrace i saw, if it helps: seqToKV warning: Converting value to string: None: [('assoc_handle', u'{HMAC-SHA1}{46dfc90e}{RvtCKg==}'), ('ext0.fullname', 'Ryan Barrett'), ('ext0.nickname', 'ryan'), ('identity', 'http://localhost/openid'), ('mode', 'id_res'), ('ns.ext0', 'http://openid.net/sreg/1.0'), ('op_endpoint',None), ('response_nonce', '2007-09-06T09:35:29ZouYrBe'), ('return_to', 'http://localhost:8001/process?janrain_nonce=2007-09-06T09%3A33%3A54ZzKLx6R'), ('signed', 'assoc_handle,ext0.fullname,ext0.nickname,identity,mode,ns.ext0,op_endpoint,response_nonce,return_to,signed')] Traceback (most recent call last): File "wsgiref/handlers.py", line 92, in run File "/home/ryanb/pyblosxom-svn/pyblosxom/Pyblosxom/pyblosxom.py", line 480, in __call__ p.run() File "/home/ryanb/pyblosxom-svn/pyblosxom/Pyblosxom/pyblosxom.py", line 194, in run donefunc=lambda x:x) File "/home/ryanb/pyblosxom-svn/pyblosxom/Pyblosxom/tools.py", line 754, in run_callback output = func(input) File "/home/ryanb/src/pyblosxom/plugins/openid_server.py", line 287, in cb_handle return respond(request, oidrequest.answer(True)) File "/home/ryanb/src/pyblosxom/plugins/openid_server.py", line 183, in respond webresponse = oidserver.encodeResponse(oidresponse) File "/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/server/server.py", line 1464, in encodeResponse return self.encoder.encode(response) File "/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/server/server.py", line 1232, in encode return super(SigningEncoder, self).encode(response) File "/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/server/server.py", line 1188, in encode location = response.encodeToURL() File "/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/server/server.py", line 930, in encodeToURL return self.fields.toURL(self.request.return_to) File "/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/message.py", line 324, in toURL return oidutil.appendArgs(base_url, self.toPostArgs()) File "/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/oidutil.py", line 107, in appendArgs v = v.encode('UTF-8') AttributeError: 'NoneType' object has no attribute 'encode' -Ryan -- http://snarfed.org/ From kevin at janrain.com Fri Sep 7 12:07:33 2007 From: kevin at janrain.com (Kevin Turner) Date: Fri, 07 Sep 2007 12:07:33 -0700 Subject: patch: small crash fix for python 2.0.0rc2 library (fwd) In-Reply-To: References: <1189108570.25207.91.camel@localhost> Message-ID: <1189192053.6039.21.camel@localhost> On Fri, 2007-09-07 at 09:43 -0700, Ryan Barrett wrote: > anyway, here's the warning message and stacktrace i saw, if it helps: > > seqToKV warning: [...] ('op_endpoint',None) Ah-hah! Now *that* is a bug: op_endpoint is a required parameter for OpenID v2 messages. It's not defined for 1.1, but it shouldn't be sent back as None in any case. It looks like we have checks for that for most cases, but I think I see a place where it may slip through. Thanks for the traceback. I'm a little confused about whether this message is OpenID 2.0 or not. If it isn't, the sreg parameters should definitely be sent as 'sreg.nickname' instead of 'ext0.nickname'. (Actually, the intent of openid.sreg.SRegResponse is that they be that way in either case, but at least the ('ns.ext0', 'http://openid.net/sreg/1.0') means that OpenID v2 consumers will still recognize this version.) -- keturn on https://pibb.com/go/openid and irc.freenode.net#openid From david.balch at conted.ox.ac.uk Tue Sep 11 09:02:47 2007 From: david.balch at conted.ox.ac.uk (David Balch) Date: Tue, 11 Sep 2007 17:02:47 +0100 Subject: Problem with detect script? Message-ID: <9D26F7445E7CF0448267CA320343CC7BA250F3@klipspringer.conted.ox.ac.uk> Hi, I'm trying to get set up with php-openid-2.0.0-rc2, and on running the examples/detect.php script I got: ----8<---- HTTP Fetching This PHP installation has support for libcurl. Good. An HTTP request was completed. Unexpected data was returned. ----8<---- Finding http://lists.openidenabled.com/pipermail/dev/2007-August/000818.html, I dug around and discovered that the URL tested against (http://www.openidenabled.com/resources/php-fetch-test.txt) seems to include a linebreak, causing the error. Adding a newline code at the end of the 'Hello World!' string on line 436 made the detect script happy. Is the php-fetch-test.txt really wrong, or is there something wrong in my installation? Cheers, Dave. -- David Balch. | Se?or web developer. T: +44 (0)1865 280979 | Technology-Assisted Lifelong Learning. F: +44 (0)1865 280982 | University of Oxford. E: david.balch at conted.ox.ac.uk From cygnus at janrain.com Tue Sep 11 09:18:15 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Tue, 11 Sep 2007 09:18:15 -0700 Subject: Problem with detect script? In-Reply-To: <9D26F7445E7CF0448267CA320343CC7BA250F3@klipspringer.conted.ox.ac.uk> References: <9D26F7445E7CF0448267CA320343CC7BA250F3@klipspringer.conted.ox.ac.uk> Message-ID: <20070911161815.GH27269@janrain.com> # Adding a newline code at the end of the 'Hello World!' string on # line 436 made the detect script happy. # # Is the php-fetch-test.txt really wrong, or is there something wrong # in my installation? Hi, Kevin will know more, but I suspect this is a problem with our recent migration to a new web site on www.openidenabled.com. That file didn't originally get migrated, and when it did, there might have been a human error. Thanks for taking the time to poke at it. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From kevin at janrain.com Tue Sep 11 12:04:20 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 11 Sep 2007 12:04:20 -0700 Subject: Problem with detect script? In-Reply-To: <20070911161815.GH27269@janrain.com> References: <9D26F7445E7CF0448267CA320343CC7BA250F3@klipspringer.conted.ox.ac.uk> <20070911161815.GH27269@janrain.com> Message-ID: <1189537460.6039.58.camel@localhost> On Tue, 2007-09-11 at 09:18 -0700, Jonathan Daugherty wrote: > # Adding a newline code at the end of the 'Hello World!' string on > # line 436 made the detect script happy. > Kevin will know more, but I suspect this is a problem with our recent > migration to a new web site on www.openidenabled.com. That file > didn't originally get migrated, and when it did, there might have been > a human error. Oh, yeah, that was my bad. Trailing newline has been removed, and the detect script is happier now. Thanks for the report. From david.balch at conted.ox.ac.uk Wed Sep 12 01:20:52 2007 From: david.balch at conted.ox.ac.uk (David Balch) Date: Wed, 12 Sep 2007 09:20:52 +0100 Subject: Problem with detect script? Message-ID: <9D26F7445E7CF0448267CA320343CC7BA250F6@klipspringer.conted.ox.ac.uk> No worries, thanks for the library in the first place :-) Dave. > -----Original Message----- > From: dev-bounces at lists.openidenabled.com > [mailto:dev-bounces at lists.openidenabled.com] On Behalf Of Kevin Turner > Sent: 11 September 2007 20:04 > To: discuss OpenID libraries and development > Subject: Re: Problem with detect script? > > On Tue, 2007-09-11 at 09:18 -0700, Jonathan Daugherty wrote: > > # Adding a newline code at the end of the 'Hello World!' string on > > # line 436 made the detect script happy. > > > Kevin will know more, but I suspect this is a problem with > our recent > > migration to a new web site on www.openidenabled.com. That file > > didn't originally get migrated, and when it did, there > might have been > > a human error. > > Oh, yeah, that was my bad. Trailing newline has been removed, and the > detect script is happier now. Thanks for the report. > > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > From daniel-hofstetter at gmx.ch Wed Sep 12 02:38:32 2007 From: daniel-hofstetter at gmx.ch (Daniel Hofstetter) Date: Wed, 12 Sep 2007 11:38:32 +0200 Subject: Server denied check_authentication Message-ID: <46E7B398.7080808@gmx.ch> Hi all, I have two OpenID servers (using RC2 of the JanRain lib). With the one server the authentication process works fine whereas the other server returns a "server denied check_authentication" error to the consumer. Both servers use (almost) the same code (based on the rails example), you can find it below. By using a network analyzer tool I saw that the flow should be something like (here I am using the working server): GET /user/dho 200 GET /user/dho/xrds 200 (application/xrds+xml) 302 GET /server?openid_assoc_handler=... 302 GET /login/?nonce=... 200 But what I get with the server which doesn't work is: GET /dho 200 GET /dho/xrds 200 (application/xrds+xml) POST /auth openid.mode=associate&openid.assoc_type=HMAC-SHA1&openid.session_type=DH-SHA1&openid.dh_consumer_public=ANd83QRqsdU5XMZW4zqLMoQH%2Bp7bZInGErga8XgHdZ58rddtTvNmgYiVTDc1xoR7JoteAbAsDxvRvfvzKV%2FlqsT5Huq1YLqPt5GRN3Xl8aTLSUlGio40XJyM%2BNA%2BDKt 200 (with the following error: Fatal error: Call to a member function getExpiresIn() on a non-object in /home/dho/projects/noserub/vendors/Auth/OpenID/Server.php on line 648
) ... Anyone an idea what could cause this error? Thanks, daniel PS: Here the server code of the failing server: $pathExtra = APP.DS.'vendors'.DS.PATH_SEPARATOR.VENDORS; $path = ini_get('include_path'); $path = $pathExtra . PATH_SEPARATOR . $path; ini_set('include_path', $path); vendor('Auth/OpenID/Server', 'Auth/OpenID/FileStore'); class AuthController extends AppController { var $uses = array(); function index() { $server = $this->__getServer(); $request = $server->decodeRequest(); if (!isset($request->mode)) { echo 'This is an OpenID server endpoint.'; exit; } $response = $request->answer(true); $this->_renderResponse($response); } function user_page() { $xrdsUrl = 'http://noserub.localhost/dho/xrds'; $identityPage = ' OpenId identity page for dho'; echo $identityPage; exit; } function __getServer() { $store = new Auth_OpenID_FileStore(TMP.'openid'); $server = new Auth_OpenID_Server($store); return $server; } function xrds() { $this->_renderXrds(); } function _renderXrds() { $content = ' http://specs.openid.net/auth/2.0/signon http://openid.net/signon/1.1 http://noserub.localhost/auth '; header('Content-type: application/xrds+xml'); echo $content; exit(); } function _renderResponse($response) { $server = $this->__getServer(); $webResponse = $server->encodeResponse($response); $this->redirect($webResponse->headers['location'], null, true); } } From Alan.Geleynse at itsatomic.com Wed Sep 12 08:31:42 2007 From: Alan.Geleynse at itsatomic.com (Alan Geleynse) Date: Wed, 12 Sep 2007 09:31:42 -0600 Subject: "Bad Signature" in JanRain PHP Library Message-ID: I am using the JanRain PHP OpenID library and am getting a Bad Signature Error when trying to authenticate. I have searched for a solution to this problem but have not found one that seems to work. I was using GMP but have also tried BCMath with the same results. I am using the MySQL Store, but have modified it to use MDB2 instead of DB because we use MDB2 on the rest of the site. Does anyone know anything else that could be causing this? I have been looking through the code but still can't figure out what the problem is. Thanks, -Alan Geleynse -webbr.com -in480.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070912/b682794b/attachment.htm From cygnus at janrain.com Wed Sep 12 09:09:23 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 12 Sep 2007 09:09:23 -0700 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: References: Message-ID: <20070912160923.GI27269@janrain.com> # I am using the JanRain PHP OpenID library and am getting a Bad # Signature Error when trying to authenticate. I have searched for a # solution to this problem but have not found one that seems to work. Does it happen for a specific OpenID server, or for anything you try? What version(s) of the PHP OpenID library exhibit this behavior? Can you give us the payload of a server response that triggers this error? Can you supply the RP code you wrote? -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From Alan.Geleynse at itsatomic.com Wed Sep 12 09:51:31 2007 From: Alan.Geleynse at itsatomic.com (Alan Geleynse) Date: Wed, 12 Sep 2007 10:51:31 -0600 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: <20070912160923.GI27269@janrain.com> References: <20070912160923.GI27269@janrain.com> Message-ID: -----Original Message----- From: dev-bounces at lists.openidenabled.com [mailto:dev-bounces at lists.openidenabled.com] On Behalf Of Jonathan Daugherty Sent: Wednesday, September 12, 2007 10:09 AM To: discuss OpenID libraries and development Subject: Re: "Bad Signature" in JanRain PHP Library ## I am using the JanRain PHP OpenID library and am getting a Bad ## Signature Error when trying to authenticate. I have searched for a ## solution to this problem but have not found one that seems to work. #Does it happen for a specific OpenID server, or for anything you try? Any server I try has the same result. I have tried 4 or 5 different ones to make sure that it isn't a specific server causing the issue. #What version(s) of the PHP OpenID library exhibit this behavior? Version 2.0.0-rc2 #Can you give us the payload of a server response that triggers this #error? I am not quite sure what you want, but in the Auth_OpenID_GenericConsumer complete function, the following is a dump of the message object: object(Auth_OpenID_Message)#19 (4) { ["allowed_openid_namespaces"]=> array(2) { [0]=> string(28) "http://openid.net/signon/1.0" [1]=> string(32) "http://specs.openid.net/auth/2.0" } ["args"]=> object(Auth_OpenID_Mapping)#20 (2) { ["keys"]=> array(8) { [0]=> array(2) { [0]=> string(14) "Bare namespace" [1]=> string(13) "janrain_nonce" } [1]=> array(2) { [0]=> string(28) "http://openid.net/signon/1.0" [1]=> string(4) "mode" } [2]=> array(2) { [0]=> string(28) "http://openid.net/signon/1.0" [1]=> string(12) "assoc_handle" } [3]=> array(2) { [0]=> string(28) "http://openid.net/signon/1.0" [1]=> string(14) "response_nonce" } [4]=> array(2) { [0]=> string(28) "http://openid.net/signon/1.0" [1]=> string(3) "sig" } [5]=> array(2) { [0]=> string(28) "http://openid.net/signon/1.0" [1]=> string(8) "identity" } [6]=> array(2) { [0]=> string(28) "http://openid.net/signon/1.0" [1]=> string(6) "signed" } [7]=> array(2) { [0]=> string(28) "http://openid.net/signon/1.0" [1]=> string(9) "return_to" } } ["values"]=> array(8) { [0]=> string(26) "2007-09-12T16:29:55Zg9hqtu" [1]=> string(6) "id_res" [2]=> string(36) "658281a0-614d-11dc-90a3-893deb6f4c7c" [3]=> string(24) "2007-09-12T16:29:59ZN9I=" [4]=> string(28) "wEohTR3mY8Iw5esnaq/hw9UoQ0o=" [5]=> string(34) "http://alang.pip.verisignlabs.com/" [6]=> string(46) "assoc_handle,identity,response_nonce,return_to" [7]=> string(79) "http://webbr/login/process/openid/?janrain_nonce=2007-09-12T16%3A29%3A5 5Zg9hqtu" } } ["namespaces"]=> object(Auth_OpenID_NamespaceMap)#21 (2) { ["alias_to_namespace"]=> object(Auth_OpenID_Mapping)#22 (2) { ["keys"]=> array(1) { [0]=> string(14) "Null namespace" } ["values"]=> array(1) { [0]=> string(28) "http://openid.net/signon/1.0" } } ["namespace_to_alias"]=> object(Auth_OpenID_Mapping)#23 (2) { ["keys"]=> array(1) { [0]=> string(28) "http://openid.net/signon/1.0" } ["values"]=> array(1) { [0]=> string(14) "Null namespace" } } } ["_openid_ns_uri"]=> string(28) "http://openid.net/signon/1.0" } The signature that is stored is wEohTR3mY8Iw5esnaq/hw9UoQ0o= but the calculated one is kbOZV+KoZDmlzkKpBUgb8QIzP+8=. #Can you supply the RP code you wrote? MySQLStore.php has only 1 change Line 45: -"REPLACE INTO %s VALUES (?, ?, !, ?, ?, ?)"; +"REPLACE INTO %s VALUES (?, ?, !, ?, ?, ?)"; SQLStore.php my new version is attached I also checked the default character encoding as suggested at http://lists.openidenabled.com/pipermail/dev/2007-February/000278.html but it was already set to ISO-8859-1 and there is code that does base64 encoding first, so if I understand correctly the character encoding should not matter anyways. -Alan Geleynse -webbr.com -in480.com -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- A non-text attachment was scrubbed... Name: SQLStore.php Type: application/octet-stream Size: 18038 bytes Desc: SQLStore.php Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070912/d8cbe792/attachment-0001.obj From cygnus at janrain.com Wed Sep 12 10:53:35 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 12 Sep 2007 10:53:35 -0700 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: References: <20070912160923.GI27269@janrain.com> Message-ID: <20070912175335.GK27269@janrain.com> # I am not quite sure what you want, but in the # Auth_OpenID_GenericConsumer complete function, the following is a # dump of the message object: Just a printout of the server response key/value pairs would be great. A print_r($message) is pretty noisy by comparison. E.g., openid.ns=foo openid.signed=bar,blah . . . Or just the URL as it appears when you've been redirected to the consumer (RP) after going to the server. # Can you supply the RP code you wrote? # # MySQLStore.php has only 1 change # Line 45: # -"REPLACE INTO %s VALUES (?, ?, !, ?, ?, ?)"; # +"REPLACE INTO %s VALUES (?, ?, !, ?, ?, ?)"; What I need is the code that creates the Auth_OpenID_Consumer object and calls begin() and complete() on it. Thanks! -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From Alan.Geleynse at itsatomic.com Wed Sep 12 11:46:49 2007 From: Alan.Geleynse at itsatomic.com (Alan Geleynse) Date: Wed, 12 Sep 2007 12:46:49 -0600 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: <20070912175335.GK27269@janrain.com> References: <20070912160923.GI27269@janrain.com> <20070912175335.GK27269@janrain.com> Message-ID: Ok, I had misunderstood what you needed. I included the information below. -----Original Message----- From: dev-bounces at lists.openidenabled.com [mailto:dev-bounces at lists.openidenabled.com] On Behalf Of Jonathan Daugherty Sent: Wednesday, September 12, 2007 11:54 AM To: discuss OpenID libraries and development Subject: Re: "Bad Signature" in JanRain PHP Library ## I am not quite sure what you want, but in the ## Auth_OpenID_GenericConsumer complete function, the following is a ## dump of the message object: # #Just a printout of the server response key/value pairs would be #great. A print_r($message) is pretty noisy by comparison. E.g., # # openid.ns=foo # openid.signed=bar,blah # . # . # . # #Or just the URL as it appears when you've been redirected to the #consumer (RP) after going to the server. openid.mode=id_res openid.assoc_handle=60212fc0-615e-11dc-90a3-893deb6f4c7c openid.response_nonce=2007-09-12T18:33:31Zbxo= openid.sig=lesSyTVN6ckW832/JDSYyPvtJBQ= openid.identity=http://alang.pip.verisignlabs.com/ openid.signed=assoc_handle,identity,response_nonce,return_to openid.return_to=http://webbr/login/process/openid/?janrain_nonce=2007-0 9-12T18%3A31%3A28ZhDmTVJ ## Can you supply the RP code you wrote? ## ## MySQLStore.php has only 1 change ## Line 45: ## -"REPLACE INTO %s VALUES (?, ?, !, ?, ?, ?)"; ## +"REPLACE INTO %s VALUES (?, ?, !, ?, ?, ?)"; # #What I need is the code that creates the Auth_OpenID_Consumer object #and calls begin() and complete() on it. $consumer = new Auth_OpenID_Consumer(new Auth_OpenID_MySQLStore($mdb2)); $auth_request = $consumer->begin($openid); $consumer = new Auth_OpenID_Consumer(new Auth_OpenID_MySQLStore($mdb2)); $response = $consumer->complete(); $mdb2 is a MDB2_Connection object and $openid is the OpenID url. -Alan Geleynse -webbr.com -in480.com #Thanks! #-- # Jonathan Daugherty # JanRain, Inc. # irc.freenode.net: cygnus in #openid # cygnus.myopenid.com _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev From cygnus at janrain.com Wed Sep 12 11:57:46 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 12 Sep 2007 11:57:46 -0700 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: References: <20070912175335.GK27269@janrain.com> Message-ID: <20070912185746.GL27269@janrain.com> Have you tried using any of the other store implementations? I'm wondering if the secrets are not being stored or retrieved properly. Can you please give the FileStore a try? -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From Alan.Geleynse at itsatomic.com Wed Sep 12 12:41:52 2007 From: Alan.Geleynse at itsatomic.com (Alan Geleynse) Date: Wed, 12 Sep 2007 13:41:52 -0600 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: <20070912185746.GL27269@janrain.com> References: <20070912175335.GK27269@janrain.com> <20070912185746.GL27269@janrain.com> Message-ID: I tried the FileStore and it worked correctly, so it seems the problem is somewhere in the SQLStore code. I had modified that code, but I have looked through it all and it appears to be storing the secret correctly. -Alan Geleynse -webbr.com -in480.com -----Original Message----- From: dev-bounces at lists.openidenabled.com [mailto:dev-bounces at lists.openidenabled.com] On Behalf Of Jonathan Daugherty Sent: Wednesday, September 12, 2007 12:58 PM To: discuss OpenID libraries and development Subject: Re: "Bad Signature" in JanRain PHP Library Have you tried using any of the other store implementations? I'm wondering if the secrets are not being stored or retrieved properly. Can you please give the FileStore a try? -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev From Alan.Geleynse at itsatomic.com Thu Sep 13 08:38:19 2007 From: Alan.Geleynse at itsatomic.com (Alan Geleynse) Date: Thu, 13 Sep 2007 09:38:19 -0600 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: References: <20070912175335.GK27269@janrain.com><20070912185746.GL27269@janrain.com> Message-ID: Well I figured out the problem and was able to get it working. The problem was that the secret was not being stored correctly in MySQL. The MySQLStore class overrode the blob_encode method, but not the blob_decode. Is there any reason this was done or is it a bug? It may be that the hex representation works with DB but not with MDB2 in my implementation, but I am not sure. What I did to fix it was I overrode both the blob_decode and blob_encode methods. I ended up using base64 instead of hex and changed the field to a varchar instead of a blob, but it is now working. Thanks for all your help in tracking down this problem. -Alan Geleynse -webbr.com -in480.com -----Original Message----- From: dev-bounces at lists.openidenabled.com [mailto:dev-bounces at lists.openidenabled.com] On Behalf Of Alan Geleynse Sent: Wednesday, September 12, 2007 1:42 PM To: discuss OpenID libraries and development Subject: RE: "Bad Signature" in JanRain PHP Library I tried the FileStore and it worked correctly, so it seems the problem is somewhere in the SQLStore code. I had modified that code, but I have looked through it all and it appears to be storing the secret correctly. -Alan Geleynse -webbr.com -in480.com -----Original Message----- From: dev-bounces at lists.openidenabled.com [mailto:dev-bounces at lists.openidenabled.com] On Behalf Of Jonathan Daugherty Sent: Wednesday, September 12, 2007 12:58 PM To: discuss OpenID libraries and development Subject: Re: "Bad Signature" in JanRain PHP Library Have you tried using any of the other store implementations? I'm wondering if the secrets are not being stored or retrieved properly. Can you please give the FileStore a try? -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev From cygnus at janrain.com Thu Sep 13 09:27:53 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Thu, 13 Sep 2007 09:27:53 -0700 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: References:

Message-ID: <20070913162753.GM27269@janrain.com> # Well I figured out the problem and was able to get it working. The # problem was that the secret was not being stored correctly in MySQL. # The MySQLStore class overrode the blob_encode method, but not the # blob_decode. Is there any reason this was done or is it a bug? It # may be that the hex representation works with DB but not with MDB2 # in my implementation, but I am not sure. Only encoding was overridden because the bytes are returned in raw form, so no decoding is necessary. The encoding override is to eliminate ambiguity by encoding as a hex literal (note the leading '0x'). There's no reason that shouldn't work, but if you're able to do any further investigation to see what was going wrong, I'd be very interested to hear about it. (What version of MySQL are you running?) # What I did to fix it was I overrode both the blob_decode and # blob_encode methods. I ended up using base64 instead of hex and # changed the field to a varchar instead of a blob, but it is now # working. I'm glad it works now. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From Alan.Geleynse at itsatomic.com Thu Sep 13 10:14:14 2007 From: Alan.Geleynse at itsatomic.com (Alan Geleynse) Date: Thu, 13 Sep 2007 11:14:14 -0600 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: <20070913162753.GM27269@janrain.com> References:

<20070913162753.GM27269@janrain.com> Message-ID: I am using MySQL version 5.0.45. What you said is how I had thought it would work at first and that's why I hadn't looked at that part of the code for a while. When I looked at the raw binary of the blob, it was ASCII values for each character instead of using the raw hex. I will continue to look into it and see if I can figure out why, but I think it may be that MDB2 interprets the hex as a string instead of as binary data. -Alan Geleynse -webbr.com -in480.com -----Original Message----- From: dev-bounces at lists.openidenabled.com [mailto:dev-bounces at lists.openidenabled.com] On Behalf Of Jonathan Daugherty Sent: Thursday, September 13, 2007 10:28 AM To: discuss OpenID libraries and development Subject: Re: "Bad Signature" in JanRain PHP Library # Well I figured out the problem and was able to get it working. The # problem was that the secret was not being stored correctly in MySQL. # The MySQLStore class overrode the blob_encode method, but not the # blob_decode. Is there any reason this was done or is it a bug? It # may be that the hex representation works with DB but not with MDB2 # in my implementation, but I am not sure. Only encoding was overridden because the bytes are returned in raw form, so no decoding is necessary. The encoding override is to eliminate ambiguity by encoding as a hex literal (note the leading '0x'). There's no reason that shouldn't work, but if you're able to do any further investigation to see what was going wrong, I'd be very interested to hear about it. (What version of MySQL are you running?) # What I did to fix it was I overrode both the blob_decode and # blob_encode methods. I ended up using base64 instead of hex and # changed the field to a varchar instead of a blob, but it is now # working. I'm glad it works now. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev From cygnus at janrain.com Thu Sep 13 10:48:00 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Thu, 13 Sep 2007 10:48:00 -0700 Subject: "Bad Signature" in JanRain PHP Library In-Reply-To: References: <20070913162753.GM27269@janrain.com> Message-ID: <20070913174800.GO27269@janrain.com> # When I looked at the raw binary of the blob, it was ASCII values for # each character instead of using the raw hex. That's the intention; it needs to be stored in that form. The hex encoding is just a way to make the SQL unambiguous and invulnerable to problems with quoting and escaping. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From cygnus at janrain.com Fri Sep 14 16:44:26 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Fri, 14 Sep 2007 16:44:26 -0700 Subject: buildbot failure in openid on PHP 5.2.4 In-Reply-To: References: Message-ID: <20070914234426.GA26158@janrain.com> # Warning: Tests_Auth_OpenID_StoreTest::require_once(DB.php): failed # to open stream: No such file or directory in # /home/buildslave/reposlave/php5.2.4/build/Tests/Auth/OpenID/StoreTest.php # on line 355 This can be fixed by installing PEAR::DB: $ pear install db -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From dev-list-openidenabled at thequod.de Mon Sep 17 11:45:50 2007 From: dev-list-openidenabled at thequod.de (dAniel hAhler) Date: Mon, 17 Sep 2007 20:45:50 +0200 Subject: Something I noticed about $__Auth_OpenID_PEAR_AVAILABLE; In-Reply-To: <225FFAEBDAB44BDAA04EC54D62DC2EF1@dell8300pc> References: <3C7D3D39-A0C3-429B-A01D-5AB13A5B0AA3@asherwolf.com> <225FFAEBDAB44BDAA04EC54D62DC2EF1@dell8300pc> Message-ID: Hi, I had also reported this specific problem before and provided a patch (which I'll attach again). Now I've seen that there's a bugtracker setup, I've created a ticket for this: http://trac.openidenabled.com/trac/ticket/32 Unfortunately, attaching files currently fails, but I've attach the patch in two variants: one uses method_exists() and the other one is_subclass_of(). I prefer the first one. I've mailed janrain about the attachment issue already, so it might be solved soon. Have a nice day. On 8/13/07, Markus Lanthaler wrote: > > If DB is installed, but you use a descendent of > > Auth_OpenID_DatabaseConnection, say for MDB2 wrapper (if it was even > > necessary? Did I just do work for nothing?) This still returns a > > value, causing setfetchmode to throw an error later. > > Hi, > > I found another situation where this causes a problem and submitted already > a patch (hope it will be applied soon!): > > > ----- Original Message ----- > From: "Markus Lanthaler" > To: "discuss OpenID libraries and development" > Sent: Tuesday, August 07, 2007 12:18 PM > Subject: Patch: Conflict when PEAR and a user created class DB is available > > > >I found a conflict and made a little patch for it. SQLStore.php tries to > > include DB.php to check if PEAR is available. > > When there is loaded already a class "DB" (which happens quite often), but > > also PEAR is available you'll get the following error: > > > > Fatal error: Cannot redeclare class DB in ... > > > > I created two simple patches since I didn't know which one is the better > > one. I prefer the second one because it eliminates the gloabal variable > > and > > doesn't require that the user specifies a constant, but feel free to > > choose > > one of the two: > > > > The first one introduces a new constant Auth_OpenID_PEAR_AVAILABLE which > > can > > be set to FALSE to solve the problem: > > > > { > > hunk ./Auth/OpenID/SQLStore.php 24 > > -$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; > > +if(defined('Auth_OpenID_PEAR_AVAILABLE') && !Auth_OpenID_PEAR_AVAILABLE) > > { > > + $__Auth_OpenID_PEAR_AVAILABLE = false; > > +} else { > > + $__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; > > +} > > + > > } > > > > > > The second one checks if a class DB is already declared and doesn't > > include > > DB.php if so. Then it tries to set the fetch mode only if the relevant > > constant is set: > > > > { > > hunk ./Auth/OpenID/SQLStore.php 23 > > -global $__Auth_OpenID_PEAR_AVAILABLE; > > -$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; > > +if((version_compare(phpversion(), "5.0.0", "<") && !class_exists('DB')) > > || > > + (version_compare(phpversion(), "5.0.0", ">=") && > > + !class_exists('DB', false))) { > > + // The class DB doesn't exists yet, try to include it > > + @include_once 'DB.php'; > > +} > > + > > hunk ./Auth/OpenID/SQLStore.php 91 > > - global $__Auth_OpenID_PEAR_AVAILABLE; > > - > > hunk ./Auth/OpenID/SQLStore.php 113 > > - if ($__Auth_OpenID_PEAR_AVAILABLE) { > > - $this->connection->setFetchMode(DB_FETCHMODE_ASSOC); > > + if (defined('DB_FETCHMODE_ASSOC')) { > > + @$this->connection->setFetchMode(DB_FETCHMODE_ASSOC); > > } > > > > > > > > Markus Lanthaler > > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > -------------- next part -------------- A non-text attachment was scrubbed... Name: php-openid-remove-__Auth_OpenID_PEAR_AVAILABLE.patch Type: text/x-diff Size: 1392 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070917/718bad4d/attachment-0002.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: php-openid-remove-__Auth_OpenID_PEAR_AVAILABLE.patch Type: text/x-diff Size: 1394 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070917/718bad4d/attachment-0003.bin From daniel-hofstetter at gmx.ch Mon Sep 24 05:20:47 2007 From: daniel-hofstetter at gmx.ch (Daniel Hofstetter) Date: Mon, 24 Sep 2007 14:20:47 +0200 Subject: Auth_OpenID_sendSRegFields() deprecated? Message-ID: <46F7AB9F.9090605@gmx.ch> Hi all, I am currently using RC2 of the PHP OpenID library. There exists the convenience function Auth_OpenID_sendSRegFields(). Now I noticed this function no longer exists in the repository. Does that mean this function is deprecated and I shouldn't use it in new code I write with RC2? Thanks, daniel From daniel-hofstetter at gmx.ch Tue Sep 25 01:10:05 2007 From: daniel-hofstetter at gmx.ch (Daniel Hofstetter) Date: Tue, 25 Sep 2007 10:10:05 +0200 Subject: "ext0" namespace instead "sreg" in response Message-ID: <46F8C25D.7080402@gmx.ch> Hi all, I am trying to implement an OpenID server based on the JanRain PHP library (RC2). Now I have the problem that my server returns as namespace "ext0" instead of "sreg". What could be the cause of this problem? Here my code, maybe I am doing something wrong: $store = new Auth_OpenID_FileStore(TMP.'openid'); $server = new Auth_OpenID_Server($store); $request = $server->decodeRequest(); $sregRequest = Auth_OpenID_SRegRequest::fromOpenIDRequest($request->message); $response = $request->answer(true); $data = array('email' => 'myemail at example.com'); $sregResponse = Auth_OpenID_SRegResponse::extractResponse($sregRequest, $data); $sregResponse->addToOpenIDResponse($response->fields); $webResponse = $server->encodeResponse($response); $this->redirect($webResponse->headers['location'], null, true); Thanks for any help, daniel From daniel-hofstetter at gmx.ch Tue Sep 25 23:57:18 2007 From: daniel-hofstetter at gmx.ch (Daniel Hofstetter) Date: Wed, 26 Sep 2007 08:57:18 +0200 Subject: "ext0" namespace instead of "sreg" in response Message-ID: <46FA02CE.1040001@gmx.ch> Hi all, I am trying to implement an OpenID server based on the JanRain PHP library (RC2). Now I have the problem that my server returns as namespace "ext0" instead of "sreg" (and so my consumer fails). What could be the cause of this problem? Here my code, maybe I am doing something wrong? $store = new Auth_OpenID_FileStore(TMP.'openid'); $server = new Auth_OpenID_Server($store); $request = $server->decodeRequest(); $sregRequest = Auth_OpenID_SRegRequest::fromOpenIDRequest($request->message); $response = $request->answer(true); $data = array('email' => 'myemail at example.com'); $sregResponse = Auth_OpenID_SRegResponse::extractResponse($sregRequest, $data); $sregResponse->addToOpenIDResponse($response->fields); $webResponse = $server->encodeResponse($response); $this->redirect($webResponse->headers['location'], null, true); Thanks for any help, daniel From cygnus at janrain.com Fri Sep 28 09:50:49 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Fri, 28 Sep 2007 09:50:49 -0700 Subject: Auth_OpenID_sendSRegFields() deprecated? In-Reply-To: <46F7AB9F.9090605@gmx.ch> References: <46F7AB9F.9090605@gmx.ch> Message-ID: <20070928165049.GA24551@janrain.com> # I am currently using RC2 of the PHP OpenID library. There exists the # convenience function Auth_OpenID_sendSRegFields(). Now I noticed # this function no longer exists in the repository. Hello, Yes, Auth_OpenID_sendSRegFields() was removed in favor of an improved extension/request API. Here's the relevant code from the example consumer: $sreg_request = Auth_OpenID_SRegRequest::build( // Required array('nickname'), // Optional array('fullname', 'email') ); if ($sreg_request) { $auth_request->addExtension($sreg_request); } Where $auth_request is the result of $consumer->begin(...). -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From cygnus at janrain.com Fri Sep 28 09:52:31 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Fri, 28 Sep 2007 09:52:31 -0700 Subject: "ext0" namespace instead "sreg" in response In-Reply-To: <46F8C25D.7080402@gmx.ch> References: <46F8C25D.7080402@gmx.ch> Message-ID: <20070928165231.GB24551@janrain.com> # I am trying to implement an OpenID server based on the JanRain PHP # library (RC2). Now I have the problem that my server returns as # namespace "ext0" instead of "sreg". What could be the cause of this # problem? Is the RP you're using an OpenID 1.x RP? Also, have you tried using trunk instead of RC2? -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com