Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I have an OpenID account with freeyourid.com, and my OpenID is http://sami.vaskuu.name
However, Drupal 6.0 with OpenID enabled says "Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly."
I am 100% sure that is my OpenID as I copy-pasted it from the web page, and it works on other OpenID sites.
If I try to log in with some other OpenID provider, e.g. "wasq.vox.com", that works. So the problem is limited to "*.name", I suppose.
Comment | File | Size | Author |
---|---|---|---|
#23 | openid-delegate-1.patch | 13.62 KB | c960657 |
#12 | opendid.delegate.patch | 808 bytes | floretan |
Comments
Comment #1
HedgeMage CreditAttribution: HedgeMage commentedI've run into this, too, and it has nothing to do with the TLD involved. It seems that Drupal isn't following delegated (sometimes called claimed) OpenIDs properly.
To reproduce:
You will receive the error "Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly."
I marked this one as critical because anyone who uses thier own URL as their OpenID without running their own server won't be able to log in at all. This is one of the main arguments for OpenID -- that one can use one's blog, web site, or other existing place on the web as one's identity in a consistent manner. It's beyond my knowledge to fix, but I'll be happy to review the patch.
Comment #2
moshe weitzman CreditAttribution: moshe weitzman commentedI use delegation from my own blog to myopenid.com and it works. so there is a problem here but it isn't all pervasive.
Comment #3
Se7enLC CreditAttribution: Se7enLC commenteddeleted
Comment #4
jrglasgow CreditAttribution: jrglasgow commentedI am having the same problems with delegated openID. Works on other sites but not Drupal sites.
Comment #5
swe3tdave CreditAttribution: swe3tdave commentedi think this is the problem i have in 6.8. When manually adding my openid in my account. I can add the openid fine, but when i try to logon after, its not working. But, when i modify the openid_user_identities function in openid.pages.inc(line 37):
$identity = $result['openid.claimed_id'];
To This:
$identity = $result['openid.identity'];
then i can add my openid(https://launchpad.net/~username), and once i have sign in, launchpad return my openid identity(https://login.launchpad.net/+id/XXXXXX) witch is added instead of the openid i entered earlier. After that i can login with openid just fine.
Comment #6
cmoad CreditAttribution: cmoad commentedditto and subscribe
Comment #7
mojzis CreditAttribution: mojzis commentedSUBCSRIBE
pls can someone have a look ? thanks !
the first user on our new site tried logging in via openid .... guess how it finished :(
Comment #8
mojzis CreditAttribution: mojzis commentedSo I tried it on a fresh drupal instalation : festivia.susino.cz (local village choir, but famous :)
I have this old blog on http://razzere.blogspot.com/, it told me to use "http://razzere.blogspot.com/" as my openID. So I did.
I ended up with a blank page showing this error :
error:Invalid AuthRequest: 768: Invalid value for openid.ns field: http://openid.net/signon/1.0
this is the request (I added newlines for it to fit) :
When I tried the same on http://www.zooomr.com/login/openid/, it worked fine (a blogger page showed up, asking me whether that's what I want).
Pls let me know if I can be of any other help (that site might move soon, so i can probably setup a new one ...).
Thanks a LOT
Comment #9
samj CreditAttribution: samj commentedProblem affects my OpenID (http://samj.net/) with version 6.10
Sam
Comment #10
gebhard CreditAttribution: gebhard commentedsame problem here - subscribe
Comment #11
samj CreditAttribution: samj commentedIssue still present in 6.12
Comment #12
floretan CreditAttribution: floretan commentedAs mentioned in #5, there is a problem with $response['openid.claimed_id'] not always being present.
Trying to call openid_discovery($response['openid.claimed_id']) when $response['openid.claimed_id'] is undefined fails silently on Drupal 6 (because E_ALL is disabled) and gives an error in Drupal 7. However, we don't want to do the discovery when $response['openid.claimed_id']. Instead, we should use the $claim_id that we used in the original request.
Here's a patch for Drupal 7. It also applies to Drupal 6 with some offset.
Thanks to Damien Tournoud for helping me make sense of this patch.
Comment #13
Damien Tournoud CreditAttribution: Damien Tournoud commentedThis all comes from the OpenID specification, section 14.2.1 (emphasis mine):
But the patch is slightly wrong: we need to explicitly set $response['openid.claim_id'] if not already set in the response (and when OpenID 2 is used), because this value is used downstream (for example in openid_authentication()).Edited: I was wrong.
Comment #14
Damien Tournoud CreditAttribution: Damien Tournoud commentedWe need to improve the comments of that section of the code, and add a reference to section 14.2.1.
By the way, this particular issue is a regression introduced by SA-CORE-2009-008, and I doubt it will solve the issue the original poster was facing.
Comment #15
c960657 CreditAttribution: c960657 commentedI don't understand the circumstances that trigger this bug.
$service['version'] specifies that the provider uses OpenID Authentication 2.0, i.e. not version 1.x.
Section 11.2 of the specification says:
Doesn't the patch introduce a violation of this?
Comment #16
sun.core CreditAttribution: sun.core commentedAny updates here?
Comment #17
moshe weitzman CreditAttribution: moshe weitzman commenteddelegated id is busted for me too in d7 ... patch won't apply cleanly for me.
Comment #18
c960657 CreditAttribution: c960657 commentedMoshe, I cannot reproduce that in D7. What exactly happens? If I copy the HTML code from http://www.tejasa.com/ and replace all occurrences of http://weitzman.myopenid.com with http://christian.schmidt.myopenid.com (my own OpenID identity), I can log in without problems.
Comment #19
grendzy CreditAttribution: grendzy commented#12: opendid.delegate.patch queued for re-testing.
Comment #21
c960657 CreditAttribution: c960657 commentedCan someone confirm that this bug still exists in D7 and provide an updated description on how to reproduce it?
Comment #22
RobLoachI can't reproduce this issue on alpha3, but on HEAD I'm having troubles when adding the delegated OpenID to the user account. MyOpenID, for example, reports:
Comment #23
c960657 CreditAttribution: c960657 commentedThe regression since alpha3 was introduced in #218097: OpenID must use canonical ID when authenticating XRI i-names due to the use of the wrong namespace for <openid:Delegate> element.
Comment #24
sunI'm not familiar enough with OpenID, but this patch looks RTBC based on a pure code review.
Comment #25
MichaelCole CreditAttribution: MichaelCole commented@c960657, can you please include a test-case the steps to test this patch? E.g.
1) setup an open_id account like this
2) login to drupal like that
3) if fails like this
Apply the patch and notice it passes.
Comment #26
MichaelCole CreditAttribution: MichaelCole commented#23: openid-delegate-1.patch queued for re-testing.
Comment #28
c960657 CreditAttribution: c960657 commentedSteps to reproduce:
1. Create an OpenID account, e.g. at MyOpenID.com. Assume your OpenID becomes http://username.myopenid.com
2. Create an HTML page containing a meta tag referencing the XRDS document of your, e.g.
<meta http-equiv="X-XRDS-Location" content="http://www.myopenid.com/xrds?username=username.myopenid.com" />
3. On your D7 site, log in with OpenID using the URL of the HTML page that you just created as the User-supplied Identifier.
Expected result:
The OpenID provider authenticates the user and redirects back to the Drupal site.
Actual result:
The OpenID provider complains, e.g. “myOpenID is not authorized to verify that "http://example.org/openid.html" is your identifier.”
Comment #29
c960657 CreditAttribution: c960657 commented#23: openid-delegate-1.patch queued for re-testing.
Comment #30
YesCT CreditAttribution: YesCT commented#23: openid-delegate-1.patch queued for re-testing.
Comment #31
YesCT CreditAttribution: YesCT commentedlooks like this might be a nice one for a novice
Comment #32
YesCT CreditAttribution: YesCT commented#23: openid-delegate-1.patch queued for re-testing.
Comment #33
YesCT CreditAttribution: YesCT commenteddecided to listen to myself and try a novice review...
code style looks good.
Maybe a comment needed? I dont understand why there are two replacements... once for regular, and once for delegate? Actually, why does it seem to be adding many identities?
Ah, maybe these are all tests! (See, said I was a novice reviewer.)
67 critical left. Go review some!
still needs a functional review, someone to follow the steps in #28
Comment #34
YesCT CreditAttribution: YesCT commentedAh, sun did a code review in #24, I missed that.
Comment #35
YesCT CreditAttribution: YesCT commented#23: openid-delegate-1.patch queued for re-testing.
Comment #36
YesCT CreditAttribution: YesCT commentedsun says rtbc based on code review in #24
I think the only thing needed if the bot says it is OK, is for a human to check the steps given in #28
Comment #37
asrobI reproduced #28, it works. I got the expected result.
Comment #38
Dries CreditAttribution: Dries commentedCommitted to CVS HEAD. Thanks.