PHP OpenID check_authentication not working
I'm trying to get the check_authentication response working, but so far all consumers reject it and say that my server denied check_authentication.

This is the GET and POST data that my server file receives:
$_GET:
Array
(
[mode] => profile
[username] => hachque
[domain] => roket-enterprises.com
)
$_POST:
Array
(
[openid_assoc_handle] => {HMAC-SHA1}{4b00d7b2}{vo1FEQ==}
[openid_identity] => http://www.roket-enterprises.com/openaccount/openid:hachque
[openid_mode] => check_authentication
[openid_response_nonce] => 2009-11-16T04:40:18Zrrz8R4
[openid_return_to] => http://openiddirectory.com:80/openidauth/id/c/finish_auth.php?nonce=adCevd6T
[openid_sig] => SgFE5iT9IGd5EftkrZ72mgCHiLk=
[openid_signed] => assoc_handle,identity,mode,response_nonce,return_to,signed,sreg.email,sreg.fullname,sreg.nickname
[openid_sreg_email] => jrhodes@roket-enterprises.com
[openid_sreg_fullname] => James Rhodes
[openid_sreg_nickname] => jrhodes
)
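This is the header response that I am outputting (it contains POST data, as it was explained to me on IRC that sending the key-values as headers to the consumer server shouldn't be done. Edit: come to think of it, responding with POST data doesn't make much sense. Maybe someone here can clearly explain the whole check_authentication process).

This is the PHP code that my file uses to handle check_authentication (remember that PHP converts all . characters to _ for $_GET and $_POST variables, because they are not valid characters in PHP array keys):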
Can anyone help me with this? I've been trying to get this working for months, and I can't get a straight answer on how this stage of OpenID authentication is supposed to work.

First, although PHP converts periods to underscores in parameter names, make sure you are sending periods and not underscores.
Second, your check_authentication response should have only three parameters, but you have six. Fix your response and see if that helps.

Andrew Arnott, you are wrong! From the documentation at openid.net:
11.4.2.1. Request Parameters
openid.mode
Value: "check_authentication"
Exact copies of all fields from the authentication response, except for "openid.mode".
There may be more than three fields!

I had a similar problem. In my case the client (relying party) failed to resolve the OpenID provider's name to the correct IP. It is unlikely to be the case here, but check name resolution on the relying server.

I checked the phpMyID code and it seems to add the SReg variables to the check_authentication response. I'll remove them and try again.

I checked with Firefox's Live HTTP Headers and I am sending periods in the headers.

Besides the extra sreg parameters, you also have extra openid.mode and openid_mode parameters (neither should be there). Probably most importantly, you are missing the ns parameter.

Don't confuse people. The "authentication response" is a different response. The response to "check_authentication" should be 3 fields, like is_valid.

I now only have openid.mode and is_valid, but it still says the server denied check_authentication.
Content-Type: text/plain;
Content-Length: 675;
openid.mode=id_res&openid.assoc_handle=%7BHMAC-SHA1%7D%7B4b00d7b2%7D%7Bvo1FEQ%3D%3D%7D&openid.identity=http%3A%2F%2Fwww.roket-enterprises.com%2Fopenaccount%2Fopenid%3Ahachque&openid.response_nonce=2009-11-16T04%3A40%3A18Zrrz8R4&openid.return_to=http%3A%2F%2Fopeniddirectory.com%3A80%2Fopenidauth%2Fid%2Fc%2Ffinish_auth.php%3Fnonce%3DadCevd6T&openid.signed=assoc_handle%2Cidentity%2Cmode%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname%2Csreg.nickname&openid.sreg_email=jrhodes%40roket-enterprises.com&openid.sreg_fullname=James+Rhodes&openid.sreg_nickname=jrhodes&openid.sig=MGVhMmQ1Mzg4ZWFlMWY1OWVlYjlmZmY0Njc3OTc5YWIzMjM3NGFjMQ%3D%3D&openid.is_valid=true;
// Retrieve the OpenID information from the $_REQUEST data
// I'm not sure whether it's possible that this data might
// come in on the $_GET parameter instead of $_POST, so that's
// what it uses $_REQUEST.
$assoc_handle = $_REQUEST['openid_assoc_handle'];
$sig = $_REQUEST['openid_sig'];
$signed = $_REQUEST['openid_signed'];

// The method for returning data is via the headers outputted
// by the webserver. Create an array that stores the headers
// to be returned.
$keys = array(
    'openid.mode' => 'id_res',
    'openid.assoc_handle' => $_REQUEST['openid_assoc_handle'],
    'openid.identity' => $_REQUEST['openid_identity'],
    'openid.response_nonce' => $_REQUEST['openid_response_nonce'],
    'openid.return_to' => $_REQUEST['openid_return_to'],
    'openid.signed' => $_REQUEST['openid_signed'],
    'openid.sreg_email' => $_REQUEST['openid_sreg_email'],
    'openid.sreg_fullname' => $_REQUEST['openid_sreg_fullname'],
    'openid.sreg_nickname' => $_REQUEST['openid_sreg_nickname']
    //'openid_mode' => 'id_res'
);

// The server may request that we invalidate the user's session
// via $_REQUEST['openid_invalidate_handle']. In this case we
// will clear the session data (you may need to change this
// depending on how you implement the session). After doing so
// we continue and tell the server we did via a variable
if (strlen($_REQUEST['openid_invalidate_handle']) > 0)
{
    // Reset the session
    session_unset();
    session_name('openid_server');
    session_start();
    // Set the header we need to return
    $keys['openid.invalidate_handle'] = $_REQUEST['openid_invalidate_handle'];
}

// We need to validate the signature now. This constructs a token_contents
// for signing the data. The signing key is returned as openid.sig
// and is generated with base64(HMAC(secret(assoc_handle), token_contents)
$token_contents = '';
foreach (explode(',', $signed) as $param) {
    $post = preg_replace('/\./', '_', $param);
    $token_contents .= sprintf("%s:%s\n", $param, $_REQUEST['openid_' . $post]);
}

// Generate our openid.sig and add it to the list of keys to
// return.
$keys['openid.sig'] = base64_encode(hash_hmac('sha1',$token_contents,$assoc_handle));

// Add the data that we are sharing (via SReg) to the headers.
// For now this is fixed data (see action_authorization.php).
//$keys["sreg.fullname"] = 'James Rhodes';
//$keys["sreg.nickname"] = 'jrhodes';
//$keys["sreg.email"] = 'jrhodes@roket-enterprises.com';

// Just accept the request for now..
// phpMyID does some kind of secret-shared-key thing
// here to determine whether it is valid. I'm not
// quite sure how that process works yet, so we are just
// going to say go ahead.
$keys["openid.is_valid"] = "true";

// We need to format the $keys array into POST format
$keys_post = "";
$keys_post_first = true;
foreach ($keys as $name => $value)
{
    if ($keys_post_first)
        $keys_post_first = false;
    else
        $keys_post .= "&";
    $keys_post .= urlencode($name) . "=" . urlencode($value);
}

// Now output the POST data
header('Content-Type: application/x-www-form-urlencoded');
header('Content-Length: ' . strlen($keys_post));
header($keys_post);
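
An added example (not the asker's code and not phpMyID's) of the check_authentication direct response the answers describe: the provider recomputes the signature with the secret it stored for the association handle, then replies in the response body with only ns and is_valid in Key-Value Form. The `$secrets` store, the handle, and the URLs are assumptions constructed for the demo.

```php
<?php
const OPENID_NS = 'http://specs.openid.net/auth/2.0';

// Parse the raw POST body so keys keep their dots; $_POST would
// turn "openid.sreg.email" into "openid_sreg_email".
function parse_openid_body(string $raw): array {
    $fields = [];
    foreach (array_filter(explode('&', $raw), 'strlen') as $pair) {
        [$k, $v] = array_pad(explode('=', $pair, 2), 2, '');
        $fields[urldecode($k)] = urldecode($v);
    }
    return $fields;
}

// base64(HMAC-SHA1(secret, "name:value\n" for each name in openid.signed)).
// Returns null when a field listed in openid.signed is absent.
function openid_sig(array $f, string $secret): ?string {
    $token = '';
    foreach (explode(',', $f['openid.signed'] ?? '') as $name) {
        if (!isset($f["openid.$name"])) return null;
        $token .= $name . ':' . $f["openid.$name"] . "\n";
    }
    return base64_encode(hash_hmac('sha1', $token, $secret, true));
}

// Build the direct-response body (Key-Value Form) for check_authentication.
// $secrets is a hypothetical handle => raw secret store kept by the provider.
function check_authentication(array $f, array $secrets): string {
    $secret = $secrets[$f['openid.assoc_handle'] ?? ''] ?? null;
    $f['openid.mode'] = 'id_res';   // the signature covered the id_res message
    $expected = $secret === null ? null : openid_sig($f, $secret);
    $valid = $expected !== null && hash_equals($expected, $f['openid.sig'] ?? '');
    return 'ns:' . OPENID_NS . "\nis_valid:" . ($valid ? 'true' : 'false') . "\n";
}

// Constructed demo data: handle, secret, and URLs are made up for this example.
$secrets = ['{HMAC-SHA1}{demo}' => random_bytes(20)];
$msg = [
    'openid.mode'           => 'id_res',
    'openid.assoc_handle'   => '{HMAC-SHA1}{demo}',
    'openid.identity'       => 'http://op.example/openid:alice',
    'openid.response_nonce' => '2009-11-16T04:40:18Zdemo',
    'openid.return_to'      => 'http://rp.example/finish?nonce=abc',
    'openid.signed' => 'assoc_handle,identity,mode,response_nonce,return_to,signed',
];
$msg['openid.sig'] = openid_sig($msg, $secrets['{HMAC-SHA1}{demo}']);
$request = http_build_query(['openid.mode' => 'check_authentication'] + $msg);
echo check_authentication(parse_openid_body($request), $secrets);   // untampered copy
$forged = str_replace('alice', 'mallory', $request);
echo check_authentication(parse_openid_body($forged), $secrets);    // altered identity
```

In a real endpoint, pass `file_get_contents('php://input')` to `parse_openid_body()` and send the returned string as the response body with `Content-Type: text/plain`. The provider should answer this way only for handles it issued as private (stateless) associations, and only once per response nonce.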