So, I've been looking at this for some time now and I can't work out what's going wrong.

I have a Google Apps domain name with federated (OpenID) login enabled. I'm using this string 'google.com/accounts/o8/site-xrds?hd=example.com' as the OpenID identifier.

I know that there are problems with this, and I've read the issue queues around it - here on d.o and elsewhere.

My problem is that my $claimed_id comes back as "example.com/openid?id=999999999" when it started out as "https://www.google.com/a/example.com/o8/ud?be=o8".

I think that we (Drupal) are supposed to do something Google/proprietary at this point to resolve the claimed_id that came back and verify that it is in fact Google authorising the request (but I might be wrong?)

I also understand that there are two methods of 'discovering' (does that mean 'understanding'?) an OpenID - xri and xrds. Now, assuming I own example.com (it's my Drupal site), can I leverage that to make the returned claimed_id somehow valid?

I think what I'm asking is: can I respond to "example.com/openid" with hook_menu and return something to complete the login? If so (and this is the reason I'm posting here), should this be done by Drupal core?

Thanks!

Comments

jenssve:

Hi, some additional discovery needs to be done (https://developers.google.com/google-apps/sso/openid_reference_implement...). You can try the snippet below:

/**
 * Implements hook_openid_discovery_method_info().
 *
 */
function mymodule_openid_discovery_method_info() {
    return array('my_discovery' => 'mymodule_google_discover');
}

/**
 * Discovery callback: resolves a hosted-domain claimed ID via Google host-meta.
 */
function mymodule_google_discover($claimed_id) {
    // $claimed_id will be something like http://example.com/openid?id=999999999
    // Only handle claimed IDs on our own domain. Compare the parsed host
    // exactly, so that a look-alike host such as example.com.other.tld is rejected.
    $host = parse_url($claimed_id, PHP_URL_HOST);
    if ($host !== 'example.com') {
        return;
    }

    // Use the url host (example.com) to create the Google host-meta url
    $google_url = 'https://www.google.com/accounts/o8/.well-known/host-meta?hd=' . $host;

    $headers = array('Accept' => 'application/xrds+xml');
    $result = drupal_http_request($google_url, array('headers' => $headers));

    if (!isset($result->error) && $result->code == 200) {
        $data = $result->data;

        // If all is well $result->data will contain host meta as described on https://sites.google.com/site/oauthgoog/fedlogininterp/openiddiscovery

        // Take the URL between the angle brackets of the Link line and stop at
        // the first closing bracket.
        if (preg_match('/Link: <([^>]+)>/', $data, $matches)) {
            return _openid_xrds_discovery($matches[1]);
        }
    }
    return;
}
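
A stricter take on the Link extraction in the snippet above, as an added example that is not part of jenssve's comment or of Drupal core: the XRDS location from the host-meta body is accepted only when it is an HTTPS URL on www.google.com, before it would be handed to _openid_xrds_discovery(). The function name, the allowed-host default and the sample bodies are assumptions constructed for illustration.

```php
<?php
/**
 * Added example: returns the XRDS URL from a host-meta body, or NULL when no
 * Link line points at an HTTPS URL on the expected host.
 * mymodule_hostmeta_xrds_url() and $allowed_host are hypothetical names.
 */
function mymodule_hostmeta_xrds_url($body, $allowed_host = 'www.google.com') {
    foreach (preg_split('/\r\n|\r|\n/', $body) as $line) {
        // Expect "Link: <url>" optionally followed by "; rel=..." parameters.
        if (!preg_match('/^\s*Link:\s*<([^<>\s]+)>/i', $line, $m)) {
            continue;
        }
        $parts = parse_url($m[1]);
        if ($parts === FALSE || !isset($parts['scheme'], $parts['host'])) {
            continue;
        }
        // Require HTTPS so the XRDS document cannot be swapped in transit.
        if (strtolower($parts['scheme']) !== 'https') {
            continue;
        }
        // Exact host match; embedded credentials such as
        // https://www.google.com@other.host/ are refused outright.
        if (strtolower($parts['host']) !== $allowed_host
            || isset($parts['user']) || isset($parts['pass'])) {
            continue;
        }
        return $m[1];
    }
    return NULL;
}

// Constructed sample bodies, not captured responses.
$good = "Link: <https://www.google.com/accounts/o8/site-xrds?hd=example.com>\n";
$plain_http = "Link: <http://www.google.com/accounts/o8/site-xrds?hd=example.com>\n";
$lookalike = "Link: <https://www.google.com.example.net/site-xrds?hd=example.com>\n";

foreach (array($good, $plain_http, $lookalike) as $body) {
    $url = mymodule_hostmeta_xrds_url($body);
    print ($url === NULL ? 'rejected' : 'accepted: ' . $url) . "\n";
}
```
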

Angry Dan:

Thanks jenssve,

I think I solved this in a different way eventually by implementing hook_menu and returning something on http://example.com/openid?id=999999999, which got around the error, but was evidently wrong.

I'll have a go with this once I get some time!

Version: 7.19 » 7.x-dev