ZF-6905: Zend_OpenID need support for OpenId Specification 2.0 final

Description

We need the final spec implemented to use openid with yahoo and google accounts!!! Here we found a hack for zend, perhaps this is a solution: http://stackoverflow.com/questions/741345/…

From the link: Little late to the game but I was able to get this working with some hacks I found around the interwebs.

First. Yahoo. To get Yahoo working all I had to do was change the JavaScript to use me.yahoo.com instead of just yahoo.com and it worked perfectly with the version of the Zend Framework I'm using. Unfortunately Google still wasn't, so some hacking was in order.

All of these changes go in Zend/OpenId/Consumer.php

First, in the _discovery method add the following on the series of preg_match checks that starts at around line 740.


} else if (preg_match('/([^<]+)<\/URI>/i', $response, $r)) {
  $version = 2.0;
  $server = $r[1];

I added this right before the return false; statement that's in the else {} block.

Second, in the _checkId method you'll need to add 3 new blocks (I haven't dug around enough to know what causes each of these three cases to be called, so I covered all to be on the safe side.

Inside the $version <= 2.0 block, you'll find an if/else if/else block. In the first if statement ($this->_session !== null) add this to the end:


if ($server == 'https://www.google.com/accounts/o8/ud') {
  $this->_session->identity = 'http://specs.openid.net/auth/2.0/identifier_select';
  $this->_session->claimed_id = 'http://specs.openid.net/auth/2.0/identifier_select';
}

In the else if (defined('SID') block add this to the end:


if ($server == 'https://www.google.com/accounts/o8/ud') {
  $_SESSION['zend_openid']['identity'] = 'http://specs.openid.net/auth/2.0/identifier_select';
  $_SESSION['zend_openid']['claimed_id'] = 'http://specs.openid.net/auth/2.0/identifier_select';
}

And then after the else block (so outside the if/else if/else block all together, but still inside the $version <= 2.0 block) add this:


if ($server == 'https://www.google.com/accounts/o8/ud') {
  $params['openid.identity'] = 'http://specs.openid.net/auth/2.0/identifier_select';
  $params['openid.claimed_id'] = 'http://specs.openid.net/auth/2.0/identifier_select';
}

Comments

I have tried this patch and didn't work for me. I am using 1.8.4. I hope to see a solution to authenticate with google and yahoo soon

I have found this patch to work for version 1.8.4p1.

add code tag

Thanks for the hack. We definately need official support of 2.0 version of OpenId. When will it be..?

I've done this for my own website. It's probably not conform all Zend Framework standards and it lacks unit testing and all that. Nevertheless, it will probably help you a great deal. When I'm more at home in this contributing thing, I'll do more work myself. For now it supports:

  • XRI (not tested in this version)
  • Yadis discovery
  • XRDS document parsing (as is needed for XRI and Yadis)
  • HTML discovery (not changed)

It works with google and with myopenid.com

Thanks Niek! Will look into the supplied code and accommodate for ZF standards + UTs.

While the attached script does allow for authentication with Google, Yahoo - or any other v2.0 provider still won't.

I've had to ditch ZF in favour of a complete working solution. I'm now using an implementatation from Janrain : http://www.janrain.com/openid-enabled

The changes suggested worked for me. But there is a problem when you use a Google Apps domain as the identifier, like this: *https://google.com/accounts/o8/…

The login() method works fine, but in this case the verify() method is unable to discover the data because Google sends back the identity in a format similar to this: * http://example.com/openid/123456789

I don't know if its a Google problem, or a Zend problem. But i had to comment the lines below to ignore the discovery on verify().

/* } else if (!$this->_discovery($id, $discovered_server, $discovered_version)) { $this->_setError("Discovery failed: " . $this->getError()); return false;

                } else if ((!empty($params['openid_identity']) &&
                            $params["openid_identity"] != $id) ||
                           (!empty($params['openid_op_endpoint']) &&
                            $params['openid_op_endpoint'] != $discovered_server) ||
                           $discovered_version != $version) {
                    $this->_setError("Discovery information verification failed");
                    return false;
                */ 

Closing as "Needs Proposal". If someone wants to step up and implement this for v1.12 please draft an RFC.