So, I've been looking at this for some time now and I can't work out what's going wrong.
I have a Google Apps domain name with federated (OpenID) login enabled. I'm using this string 'google.com/accounts/o8/site-xrds?hd=example.com' as the OpenID identifier.
I know that there are problems with this, and I've read the issue queues around it - here on d.o and elsewhere.
My problem is that my $claimed_id comes back as "example.com/openid?id=999999999" when it started out as "https://www.google.com/a/example.com/o8/ud?be=o8".
I think that we (Drupal) are supposed to do something Google/proprietary at this point to resolve the claimed_id that came back and verify that it is in fact Google authorising the request (but I might be wrong?)
I also understand that there are two methods of 'discovering' (does that mean 'understanding'?) an OpenID - xri and xrds. Now, assuming I own example.com (it's my Drupal site), can I leverage that to make the returned claimed_id somehow valid?
I think what I'm asking is: can I respond to "example.com/openid" with hook_menu and return something to complete the login? If so (and this is the reason I'm posting here), should this be done by Drupal core?
Thanks!
Comments
Comment #1
jenssve commented:
Hi, some additional discovery needs to be done (https://developers.google.com/google-apps/sso/openid_reference_implement...). You can try the snippet below:
Comment #2
Angry Dan commented:
Thanks jenssve,
I think I solved this in a different way eventually by implementing hook_menu and returning something on http://example.com/openid?id=999999999, which got around the error, but was evidently wrong.
I'll have a go with this once I get some time!
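The check a relying party makes when the claimed_id in the response differs from the identifier it started with, per OpenID 2.0 section 11.2: discover the returned claimed_id and accept the assertion only if that discovery document names the OP endpoint that sent it. This is an added example, not part of the original thread and not Drupal core code; the function names are hypothetical, the XRDS and the second endpoint are constructed, and fetching the XRDS (including the additional Google Apps discovery step linked in comment #1) is outside its scope. It needs PHP 7.4 or later.

```php
<?php
const XRD_NS = 'xri://$xrd*($v*2.0)';
const SIGNON = 'http://specs.openid.net/auth/2.0/signon';

// Signon services (endpoint URIs, optional OP-local id) listed in the XRDS
// that discovery on the returned claimed_id produced.
function example_signon_services(string $xrds): array {
  $doc = new DOMDocument();
  // The XRDS is untrusted input: LIBXML_NONET stops the parser fetching anything.
  if ($xrds === '' || !@$doc->loadXML($xrds, LIBXML_NONET)) {
    return [];
  }
  $xp = new DOMXPath($doc);
  $xp->registerNamespace('xrd', XRD_NS);
  $text = fn(string $q, DOMNode $ctx): array =>
    array_map(fn($n) => trim($n->textContent), iterator_to_array($xp->query($q, $ctx)));
  $services = [];
  foreach ($xp->query('//xrd:XRD/xrd:Service') as $svc) {
    if (in_array(SIGNON, $text('xrd:Type', $svc), true)) {
      $services[] = ['uris' => $text('xrd:URI', $svc),
                     'local_id' => $text('xrd:LocalID', $svc)[0] ?? null];
    }
  }
  return $services;
}

// TRUE only if the asserting OP endpoint is one the claimed_id's own discovery
// document names, and openid.identity is the local id that document expects.
function example_assertion_matches_discovery(array $resp, string $xrds): bool {
  foreach (example_signon_services($xrds) as $svc) {
    $identity = $svc['local_id'] ?? $resp['openid.claimed_id'];
    if (in_array($resp['openid.op_endpoint'], $svc['uris'], true)
        && $resp['openid.identity'] === $identity) {
      return true;
    }
  }
  return false;
}

// Constructed sample: XRDS assumed to be the discovery result for the claimed_id.
$xrds = '<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD><Service>'
  . '<Type>http://specs.openid.net/auth/2.0/signon</Type>'
  . '<URI>https://www.google.com/a/example.com/o8/ud?be=o8</URI></Service></XRD></xrds:XRDS>';
$resp = [
  'openid.claimed_id' => 'http://example.com/openid?id=999999999',
  'openid.identity' => 'http://example.com/openid?id=999999999',
  'openid.op_endpoint' => 'https://www.google.com/a/example.com/o8/ud?be=o8',
];
var_dump(example_assertion_matches_discovery($resp, $xrds)); // endpoint named by discovery
$resp['openid.op_endpoint'] = 'https://other-op.example/ud'; // constructed: not in the XRDS
var_dump(example_assertion_matches_discovery($resp, $xrds));
```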