From dev-list-openidenabled at thequod.de  Thu Jan  1 18:14:12 2009
From: dev-list-openidenabled at thequod.de (dev-list-openidenabled at thequod.de)
Date: Fri,  2 Jan 2009 03:14:12 +0100 (CET)
Subject: darcs patch: php-openid-urldecode-urlparamkey
Message-ID: <20090102021412.F3ECF14AE33@base.localdomain>

Fri Jan  2 03:08:52 CET 2009  dAniel hAhler <php-openid at thequod.de>
  * php-openid-urldecode-urlparamkey
  This patch also decodes the key of URL params, which is
  required for param names like 'action[foo]' when the browser sends those
  urlencoded (Konqueror 4.2 does so).
  I would like to propose using rawurldecode instead of urldecode, too, but
  that causes the tests to fail and may be against the OpenID spec
  (the difference is only that "+" gets decoded with urldecode() but not
  with rawurldecode IIRC)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-darcs-patch
Size: 22285 bytes
Desc: A darcs patch for your repository!
Url : http://lists.openidenabled.com/pipermail/dev/attachments/20090101/217f2590/attachment.bin 

From ketmar at ketmar.no-ip.org  Fri Jan  9 07:51:35 2009
From: ketmar at ketmar.no-ip.org (ketmar at ketmar.no-ip.org)
Date: Fri,  9 Jan 2009 17:51:35 +0200 (EET)
Subject: darcs patch: fix for incomplete URIs in "location" http field (for ...
Message-ID: <20090109155135.A688F50B17@ketmar.no-ip.org>

Fri Jan  9 17:46:12 EET 2009  ketmar at ketmar.no-ip.org
  * fix for incomplete URIs in "location" http field (for technorati and maybe others)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-darcs-patch
Size: 23596 bytes
Desc: A darcs patch for your repository!
Url : http://lists.openidenabled.com/pipermail/dev/attachments/20090109/7e344691/attachment-0001.bin 

From will at willnorris.com  Sun Jan  4 11:27:26 2009
From: will at willnorris.com (will at willnorris.com)
Date: Sun,  4 Jan 2009 11:27:26 -0800 (PST)
Subject: darcs patch: I'm not entirely sure which versions of PHP are having...
Message-ID: <20090104192727.E9E6813D1001@aquinas.local>

Sun Jan  4 11:23:17 PST 2009  will at willnorris.com
  * I'm not entirely sure which versions of PHP are having problems with this, but 
  I've had a number of users report that $this->store is incorrectly evaluating
  to false, thereby preventing associations from being used.  I've been unable to
  reproduce this myself, but the change is minor enough.
  
  Original bug report: http://code.google.com/p/diso/issues/detail?id=99
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-darcs-patch
Size: 21606 bytes
Desc: A darcs patch for your repository!
Url : http://lists.openidenabled.com/pipermail/dev/attachments/20090113/8ed067b3/attachment.bin 

From andre.cruz at co.sapo.pt  Wed Jan 14 06:28:39 2009
From: andre.cruz at co.sapo.pt (=?ISO-8859-1?Q?Andr=E9_Cruz?=)
Date: Wed, 14 Jan 2009 14:28:39 +0000
Subject: Immediate response and form with auto-submit
Message-ID: <082D5675-1261-4D4B-A71F-FB6BC42BA662@co.sapo.pt>

Hello.

I've been playing with large openid responses and found that when the  
response body is larger than OPENID1_URL_LIMIT (2047) bytes the  
response gets converted to a html form that's autosubmitted (barring  
this bug I reported http://trac.openidenabled.com/trac/ticket/314).

In this case can this be considered an "immediate" openid response?  
There is a button that the user can press and if the browser does not  
support javascript the user will stay on that page.

If this cannot be considered an "immediate" request is there a way to  
know a response will be like this besides looking at the http code  
present there? Can we assume that http code 200 is a html form to be  
submitted?

Best regards,
Andr?

From faisalrehmanid at yahoo.com  Thu Jan 15 02:48:00 2009
From: faisalrehmanid at yahoo.com (Faisal Rehman)
Date: Thu, 15 Jan 2009 02:48:00 -0800 (PST)
Subject: Fw: OpenID Problem
Message-ID: <376208.84136.qm@web111215.mail.gq1.yahoo.com>



--- On Thu, 1/15/09, dev-owner at lists.openidenabled.com <dev-owner at lists.openidenabled.com> wrote:


From: dev-owner at lists.openidenabled.com <dev-owner at lists.openidenabled.com>
Subject: OpenID Problem
To: faisalrehmanid at yahoo.com
Date: Thursday, January 15, 2009, 4:57 AM


This mailing list does not accept posts from non-members.? Please
subscribe at http://lists.openidenabled.com/mailman/listinfo/dev or
contact us through Pibb at https://pibb.com/go/openid




      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openidenabled.com/pipermail/dev/attachments/20090115/b1f328a8/attachment-0001.htm 
-------------- next part --------------
An embedded message was scrubbed...
From: Faisal Rehman <faisalrehmanid at yahoo.com>
Subject: OpenID Problem
Date: Wed, 14 Jan 2009 20:57:11 -0800 (PST)
Size: 3742
Url: http://lists.openidenabled.com/pipermail/dev/attachments/20090115/b1f328a8/attachment-0001.eml 

From faisalrehmanid at yahoo.com  Thu Jan 15 02:53:51 2009
From: faisalrehmanid at yahoo.com (Faisal Rehman)
Date: Thu, 15 Jan 2009 02:53:51 -0800 (PST)
Subject: No subject
Message-ID: <168167.93002.qm@web111207.mail.gq1.yahoo.com>





Hi to all,
?
I have download openid library from here http://www.openidenabled.com/php-openid/ 

and i am facing problem how to use the given example. The Error i am facing is 

Could not create the FileStore directory '/tmp'. Please check the effective permissions.

Even?when i am calling phpinfo? the value of open_basedir

LOCALVALUE :/var/www/vhosts/mydomain.com/httpdocs:/tmp:/tftpboot

and?MASTERVALUE is set as no value.

tmp folder is in httpdocs have permission 777 but this is still giving this error i dont know why.

Have anybody face this problem please helpme i will be very thankfull to you. 


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openidenabled.com/pipermail/dev/attachments/20090115/4e562dcd/attachment.htm 

From faisalrehmanid at yahoo.com  Thu Jan 15 02:54:43 2009
From: faisalrehmanid at yahoo.com (Faisal Rehman)
Date: Thu, 15 Jan 2009 02:54:43 -0800 (PST)
Subject: Problem With OpenID Example
Message-ID: <956980.70109.qm@web111202.mail.gq1.yahoo.com>






Hi to all
?
when i am changing the value of $store_path = "/tmp/"; to??$store_path = "tmp/"; in?common.php.?where tmp is the folder in the same dir where i have put common.php it is giving http 500 error in php 5.2.6?and same code when i am running on 4.3.9 it is not showing any error and does not redirct to yahoo.com for verification.
?
Please help !
?
Waiting for your reply.


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openidenabled.com/pipermail/dev/attachments/20090115/08168fec/attachment.htm 

From faisalrehmanid at yahoo.com  Thu Jan 15 02:55:22 2009
From: faisalrehmanid at yahoo.com (Faisal Rehman)
Date: Thu, 15 Jan 2009 02:55:22 -0800 (PST)
Subject: Problem With OpenID Example
Message-ID: <849737.88673.qm@web111204.mail.gq1.yahoo.com>

What i have done is :
?
I have copy the Auth dir in consumer dir and create the folder tmp in consumer dir having permession of 777 and just change the in common.php variable? 
?
????????????????? $store_path = "/tmp/_php_consumer_test";
?
????????????????????????????????????????? to
?
???????????????????$store_path = "tmp/";?
?
and upload that consumer dir in httpdocs
?
Here is the link you can test the output it have http error 500 instead to redirct to yahoo.com or any other openid provider.
?
http://dev3.ip-pabx.com/consumer/
?
and this will show my server side setting 
?
http://dev3.ip-pabx.com/consumer/phpinfo.php
?
if you have found any thing missing in this phpinfo page please let me know i will be thankfull to you.
?
Now Hope you will understand better what problem i am facing 
?
Waiting for reply? !


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openidenabled.com/pipermail/dev/attachments/20090115/b3dc1fbf/attachment.htm 

From jdavid.net at gmail.com  Tue Jan 20 15:45:12 2009
From: jdavid.net at gmail.com (jDavid)
Date: Tue, 20 Jan 2009 15:45:12 -0800
Subject: pape missing?
In-Reply-To: <mailman.9347.1232494708.19460.dev@lists.openidenabled.com>
References: <mailman.9347.1232494708.19460.dev@lists.openidenabled.com>
Message-ID: <aeb0a8540901201545n4a7f956evf62262c60321ae06@mail.gmail.com>

I am trying to run this with python2.6 and i am getting an error
loading the PAPE.

C:\_dev\python-openid-2.2.1\examples>c:\python26\python server.py --port 8001
Traceback (most recent call last):
 File "server.py", line 32, in <module>
   from openid.extensions import sreg
 File "c:\python26\Lib\site-packages\openid\extensions\__init__.py",
line 5, in <module>
   from openid.extensions.draft import pape5 as pape
ImportError: No module named draft

--
--
Justin Kruger -- Sr. Software Engineer - MySpace MDP
http://jDavid.net
jDavid.net at gmail.com

"A dreamer is one who can only find his way by moonlight, and his
punishment is that he sees the dawn before the rest of the world." -
 --  Oscar Wilde


From shashank.tripathi at gmail.com  Tue Jan 27 09:56:05 2009
From: shashank.tripathi at gmail.com (Shashank Tripathi)
Date: Wed, 28 Jan 2009 01:56:05 +0800
Subject: Simple PHP working sample code?
Message-ID: <7cab9c1b0901270956k4a107340g540c45e691792711@mail.gmail.com>

Hi,

Hope the dev list also allows for questions of a non-dev nature. I
only see this mailing list.

My question is very basic. I'd like to try out this library, but am
struggling to find simple examples.

I noticed a starting point at Zend:
http://devzone.zend.com/article/3581-Getting-Started-with-OpenID-and-PHP

But it keeps referring to PEAR, while the PHP I have with my WHM and
Cpanel stuff only support PECL. Is this going to be a limitation?

Anyway, I am not interested in all the jazz about consumer/server, and
so forth. All I want is a simple way to send information submitted by
a user (just the open ID link, I imagine) and if all works then
retrieve some basic info such as an email address or name. That's it.

Much appreciate any pointers or thoughts on getting this working! I
have PHP5. Some PECL stuff is installed, but I have never used (or
needed) that stuff thus far.

Thanks!
ST


From nowen at wikidsystems.com  Thu Jan 29 13:25:18 2009
From: nowen at wikidsystems.com (Nick Owen)
Date: Thu, 29 Jan 2009 16:25:18 -0500
Subject: python lib question
Message-ID: <49821EBE.4090807@wikidsystems.com>

Greetings:

We're using the openid4java libs on our server.  We've tested at various
places (sf.net, ma.gnolia) and using the openidenabled ruby RP test (the
php one seems to be down, just fyi).  All works well, but we can't get
the python RP test to work nor can I get it to work on our plone site.

There's never a redirect to the OID provider's verification page and
plone is saying "PluggableAuthService openid consumer discovery error
for identity http://wikid.com/nowen: No usable OpenID services found for
http://wikid.com/nowen".  Not much to go on, I'm afraid :).

The plone site is running plone.openid-1.2-py2.4.egg,
plone.app.openid-1.1-py2.4.egg and I have tried both openid 2.2 and 2.1.

Any thoughts on why the ruby RP would work, but not the python?  Any
guidance is much appreciated!

nick

-- 
Nick Owen
WiKID Systems, Inc.
404-962-8983 (desk)
http://www.wikidsystems.com
Commercial/Open-source Two-Factor Authentication


From chris at xhost.com.au  Sat Jan 31 16:02:38 2009
From: chris at xhost.com.au (Chris Fordham)
Date: Sun, 01 Feb 2009 11:02:38 +1100
Subject: Simple PHP working sample code?
In-Reply-To: <7cab9c1b0901270956k4a107340g540c45e691792711@mail.gmail.com>
References: <7cab9c1b0901270956k4a107340g540c45e691792711@mail.gmail.com>
Message-ID: <op.uonbqrmdcznhgw@jager>

On Wed, 28 Jan 2009 04:56:05 +1100, Shashank Tripathi  
<shashank.tripathi at gmail.com> wrote:

> Hi,
>
> Hope the dev list also allows for questions of a non-dev nature. I
> only see this mailing list.

I think this list is the right one for this line of questions.

> My question is very basic. I'd like to try out this library, but am
> struggling to find simple examples.
>
> I noticed a starting point at Zend:
> http://devzone.zend.com/article/3581-Getting-Started-with-OpenID-and-PHP
>
> But it keeps referring to PEAR, while the PHP I have with my WHM and
> Cpanel stuff only support PECL. Is this going to be a limitation?

iirc the JanRain php-openid libs do require PEAR if using a db store. You  
can however use a file store.

> Anyway, I am not interested in all the jazz about consumer/server, and
> so forth. All I want is a simple way to send information submitted by
> a user (just the open ID link, I imagine) and if all works then
> retrieve some basic info such as an email address or name. That's it.

Not entirely sure what you are after. Sounds like you might be referring  
to SREG or AX.
Probably best to understand what an OpenID provider and a relying party is  
first: http://openid.net
The JanRain php-openid libs do contain both a provider and relying party  
example in the archive from http://openidenabled.com/php-openid/ (have a  
look in the example folder).
Reading what you are saying above, the user metadata is generally stored  
with the provider and not the user itself. The OpenID provider 'offers'  
metadata fields such as email address via SREG or AX to the relying party  
when authenticating.
You can see the use of SREG in the source code of the example/server.

> Much appreciate any pointers or thoughts on getting this working! I
> have PHP5. Some PECL stuff is installed, but I have never used (or
> needed) that stuff thus far.

See how you go with the examples and handle any errors. You will need PEAR  
however if you use a db store.

> Thanks!
> ST
>
> _______________________________________________
> Dev mailing list
> Dev at lists.openidenabled.com
> http://lists.openidenabled.com/mailman/listinfo/dev



-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/


From shashank.tripathi at gmail.com  Sat Jan 31 17:28:37 2009
From: shashank.tripathi at gmail.com (Shashank Tripathi)
Date: Sun, 1 Feb 2009 09:28:37 +0800
Subject: Simple PHP working sample code?
In-Reply-To: <op.uonbqrmdcznhgw@jager>
References: <7cab9c1b0901270956k4a107340g540c45e691792711@mail.gmail.com>
	<op.uonbqrmdcznhgw@jager>
Message-ID: <7cab9c1b0901311728v70160443i600b84b4f55cbb13@mail.gmail.com>

Thanks Chris.


> iirc the JanRain php-openid libs do require PEAR if using a db store. You
> can however use a file store.


Yes I would then use a file store. I didn't find this clearly in the
docs though, which only mention that PEAR is required. The FAQ is a
very sparse document, but I hope this mailing list can offer some
insight into how to get this working.


> Not entirely sure what you are after. Sounds like you might be referring
> to SREG or AX.


No, I'm simply after a straightforward way to "openid-enable my site
for user logins", which means I am only interested in a working
Consumer. No fancy knowledge needed. Just something that allows me to
do this:


1. Get the openid that a user has submitted (from a form on our website)

2. "Include" php openid library, and do what's necessary to connect to
the appropriate server based on user's submitted openid; include a
"return" php file to come back to

3. If the authentication goes through at the openid provider, come
back to the "return" php file on our website and print whatever the
openid provider has shared about this user ....(based on the returned
info, I know what to do)

That's it.

Step 2 above is what I am after. I have installed even PEAR since we
last spoke, and followed some instructions on the Zend article website
(http://snipr.com/zend_openid) but it doesn't work. Their code sample
comes back with a blank php page. Error reporting is enabled, so there
is no "error" and the Apache log shows nothing. The PHP page is just
blank.

I'll be happy to share the exact code I am trying to use, but I
suppose it wouldn't hurt the "php openid library" have some basic code
samples as the one I provided above.

Make the sample code easily available and I bet more websites will use
openid. At the moment, it is such a cumbersome and confusing process
that most don't bother.

Many thanks for any pointers or suggestions.

Thanks
ST


From sysadmin at shadowsinthegarden.com  Sat Jan 31 19:10:46 2009
From: sysadmin at shadowsinthegarden.com (SitG Admin)
Date: Sat, 31 Jan 2009 20:10:46 -0700
Subject: Simple PHP working sample code?
In-Reply-To: <7cab9c1b0901311728v70160443i600b84b4f55cbb13@mail.gmail.com>
References: <7cab9c1b0901270956k4a107340g540c45e691792711@mail.gmail.com>
	<op.uonbqrmdcznhgw@jager>
	<7cab9c1b0901311728v70160443i600b84b4f55cbb13@mail.gmail.com>
Message-ID: <f06110400c5aabe82e315@[192.168.0.2]>

>All I want is a simple way to send information submitted by
>a user (just the open ID link, I imagine) and if all works then
>retrieve some basic info such as an email address or name. That's it.

If you're offering OpenID as merely another way of sending an E-mail 
address or name, it's overkill - in time, bandwidth, and CPU cycles - 
and I'd suggest staying with asking users to enter that value 
directly. If their OpenID can be submitted as an *alternative* to 
typical anti-spam comment filtering, let them do so.

If you're thinking that E-mail addresses (and/or names) can be 
validated by accessing them through OpenID rather than direct entry, 
remember that users can determine their own Provider, and it's so 
trivial to place arbitrary values in the AX/SREG fields of your own 
OP that the contents of those fields should NOT be trusted.

>Many thanks for any pointers or suggestions.

I signed up for this list to point out a crucial element that the 
documentation lacked:
http://lists.openidenabled.com/pipermail/dev/2008-March/001235.html
That was for v1.2.3 - you didn't mention which one you were trying?

-Shade


From shashank.tripathi at gmail.com  Sat Jan 31 20:19:33 2009
From: shashank.tripathi at gmail.com (Shashank Tripathi)
Date: Sun, 1 Feb 2009 12:19:33 +0800
Subject: Simple PHP working sample code?
In-Reply-To: <f06110400c5aabe82e315@192.168.0.2>
References: <7cab9c1b0901270956k4a107340g540c45e691792711@mail.gmail.com>
	<op.uonbqrmdcznhgw@jager>
	<7cab9c1b0901311728v70160443i600b84b4f55cbb13@mail.gmail.com>
	<f06110400c5aabe82e315@192.168.0.2>
Message-ID: <7cab9c1b0901312019m5d24ee57see2c660e5454a2e2@mail.gmail.com>

Bottom-posted..


On Sun, Feb 1, 2009 at 11:10 AM, SitG Admin
<sysadmin at shadowsinthegarden.com> wrote:
>> All I want is a simple way to send information submitted by
>> a user (just the open ID link, I imagine) and if all works then
>> retrieve some basic info such as an email address or name. That's it.
>
> If you're offering OpenID as merely another way of sending an E-mail address
> or name, it's overkill - in time, bandwidth, and CPU cycles - and I'd
> suggest staying with asking users to enter that value directly. If their
> OpenID can be submitted as an *alternative* to typical anti-spam comment
> filtering, let them do so.



Not for spam control or some such. I want this as an alternative to
the login system on my web site. I already have a user registration
system, where users need to specify an email/user ID, and a password.
This is used to uniquely identify them and associate my website's
offering with their user ID so they can come back and take a look at
what they have done. That's it.

So to me openid would simply be an alternative mechanism for users to
authenticate themselves and give me a unique identifier with which to
associate their content on my site. When they login (using the user ID
from my site, or their openid) they will see only what is associated
with their user ID.



> If you're thinking that E-mail addresses (and/or names) can be validated by
> accessing them through OpenID rather than direct entry, remember that users
> can determine their own Provider, and it's so trivial to place arbitrary
> values in the AX/SREG fields of your own OP that the contents of those
> fields should NOT be trusted.


I don't mind if it's trusted or not. It's hardly like the
username/password they use to register on my site are "trusted". All I
want is a unique combination, and the user's ability to repeat the
same combo everytime he wishes to login to my site. Is all.



> I signed up for this list to point out a crucial element that the
> documentation lacked:
> http://lists.openidenabled.com/pipermail/dev/2008-March/001235.html
> That was for v1.2.3 - you didn't mention which one you were trying?


I am trying to work with OpenID 2.xx. Should I try the older version?

Meanwhile, question: does OpenID also support Gmail authentication?

Thanks
ST


From sysadmin at shadowsinthegarden.com  Sat Jan 31 23:54:17 2009
From: sysadmin at shadowsinthegarden.com (SitG Admin)
Date: Sun, 1 Feb 2009 00:54:17 -0700
Subject: Simple PHP working sample code?
In-Reply-To: <7cab9c1b0901312019m5d24ee57see2c660e5454a2e2@mail.gmail.com>
References: <7cab9c1b0901270956k4a107340g540c45e691792711@mail.gmail.com>	
	<op.uonbqrmdcznhgw@jager>	
	<7cab9c1b0901311728v70160443i600b84b4f55cbb13@mail.gmail.com>	
	<f06110400c5aabe82e315@192.168.0.2>
	<7cab9c1b0901312019m5d24ee57see2c660e5454a2e2@mail.gmail.com>
Message-ID: <f06110400c5aafec68318@[192.168.0.2]>

>system, where users need to specify an email/user ID, and a password.
>This is used to uniquely identify them and associate my website's
>offering with their user ID so they can come back and take a look at
>what they have done. That's it.

I could use "george.bush at whitehouse.gov" as my user ID then, and it 
would be fine since the string would never be used for anything else?

OpenID can't substitute for E-mail verification, is the point I was 
trying to make :)

>I am trying to work with OpenID 2.xx. Should I try the older version?

I would recommend against it - v2.x has improved security as well as 
an expanded feature-set, and not all OP's are v1.x-compatible  (so, 
some of your users could be rejected for using the most up-to-date 
version).

>Meanwhile, question: does OpenID also support Gmail authentication?

Theoretically, yes. OpenID is more of an authentication encapsulation 
protocol where 3rd parties are concerned (it gives 3rd parties a 
secure way of communicating some assurance that the user has passed 
authentication measure X), but much of what is *possible* doesn't 
have explicit recognition built into the spec. (I just checked and 
I'm speaking from memory of AQE here, which has been deprecated in 
favor of PAPE, so refer to section 5.1 of the AQE spec for context to 
that last, and otherwise ignore it.) I don't think it would be 
necessary to patch in Gmail authentication as well, though, since 
Google is offering OpenID's to its users - or is that still in the 
beta stage?

-Shade