If a claimed_id that is different from what was sent fails discovery on line 369 of openid_module, line 378 will throw a PHP notice and warning because $uris was not defined:

            // OpenID Authentication, section 11.2:
            // If the returned Claimed Identifier is different from the one sent
            // to the OpenID Provider, we need to do discovery on the returned
            // identififer to make sure that the provider is authorized to
            // respond on behalf of this.
            if ($response_claimed_id != $claimed_id) {
              $discovery = openid_discovery($response['openid.claimed_id']);
              if ($discovery && !empty($discovery['services'])) {
                $uris = array();
                foreach ($discovery['services'] as $discovered_service) {
                  if (in_array('http://specs.openid.net/auth/2.0/server', $discovered_service['types']) || in_array('http://specs.openid.net/auth/2.0/signon', $discovered_service['types'])) {
                    $uris[] = $discovered_service['uri'];
                  }
                }
              }
              if (!in_array($service['uri'], $uris)) {
                return $response;
              }
            }

The errors displayed are: Notice: Undefined variables: uris in openid_complete() (line 378...) Warning: in_array() expects parameter 2 to be array, null given in openid_complete() (line 378...)

The solution would be to define $uris outside of the if statement, which appears to be how it was created in the patch that introduced this code: #728278: openid_complete should normalize $response['openid.claimed_id'] before discovery

The error occurred when I tried to login to Yahoo!'s OpenID service (https://me.yahoo.com/) immediately after clearing the cache. The admin account used to clear cache was not logged out beforehand. I'd like to know why discovery failed and a subsequent request threw the error "Sorry, that is not a valid OpenID..." with https://me.yahoo.com/; a fresh install on localhost just throws that latter error a few times right after the cache clear. However this issue is not about that failure (unless somebody has a fast idea what the problem might be).

Comments

Version: 7.26 » 7.x-dev

Core issues are now filed against the dev versions where changes will be made. Document the specific release you are using in your issue comment. More information about choosing a version.