Issues

ZF-5267: Check immediate functionality not complete or missing

Description

Trying Zend_Auth_Adapter_OpenId::setCheckImmediate(true) will always render a failing authorization if the provider have not auto accepted the requested url, which is fine. However, there is no implementation to retrieve the returned openid_user_setup_url that should contain the next step URL for the client to decide how this url should be presented.

The Zend_OpenId_Consumer::verify() function will always stop at this code (because there are no return_to param when immediate is used): if (empty($params['openid_return_to'])) { $this->_setError("Missing openid.return_to"); return false; }

If you want the client to control the next process it will not work and the class is therefor not useful for that (for example implementing OpenID validation using an Ajax framework, which would be simple with Dojo if Zend_Auth_Adapter_OpenId return openid_user_setup_url in the array of getMessages() function).

Comments

I have found a solution to the problem with setImmediate functionality to be able to use this adapter in an Ajax window.

When set_immediate mode is used, you only need to fetch the setup_mode and openid_user_setup_url parameters from the request object or using $_GET/$_POST to take appropriate action. However, it would be nice to take care of setup_mode in an event/callback of this module instead.

I am using this functionality of Zend_OpenId to login using Ajax, done with Dojos iframe.

Need more information to reproduce.