Doesn't work with gmail address #66

Closed
jnape opened this Issue Mar 11, 2012 · 4 comments


@jnape
jnape commented Mar 11, 2012

Hey,

The exact example code you've provided in the README file fails for my gmail address. After inputting it into the text box and clicking submit, I'm successfully taken to the gmail auth page, where I'm asked if I want to provide access to "Localhost" (which I say yes to), then when I'm redirected back, I get "Failure :(".

Have you tested this with Gmail?

@samcoe
samcoe commented Mar 20, 2012

What was the error that you are getting? I also got an error using this with a gmail address. I was able to fix it by changing line 1073 in openid.js.

My Version:
if(!provider.version || provider.version != params['openid.ns'] || !provider.endpoint || provider.endpoint != params['openid.op_endpoint'])

Original:
if(!provider.version || provider.version != params['openid.ns'])

Basically what I found is that Google was sending back the providers for all of their services, and the checks that were being used to pick the correct provider were matching up with the incorrect one. Hopefully that helps you!

@havard
Owner
havard commented Mar 23, 2012

@samcoe Could you provide a patch?

@havard
Owner
havard commented Apr 12, 2012

I have tested the fix and found it to only fix part of the problem. Canonicalization of claimed identifiers is needed.

@tristau
tristau commented Apr 20, 2012

I added a fix myself, although I haven't tried that many OpenID providers (just myOpenID and Google). Also I'm not sure if there are any security concerns. I added a second IF statement in the _verifyAssertionAgainstProvider function:

if(provider.version.indexOf('2.0') !== -1 && provider.endpoint != params['openid.op_endpoint'])
{
    if (provider.endpoint != params['openid.op_endpoint'].substring(0, params['openid.op_endpoint'].indexOf('?', 0))) {
        return callback({ message: 'OpenID provider endpoint in assertion response does not match discovered OpenID provider endpoint' });
    }
}

@havard havard closed this in f40afcc Apr 22, 2012
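
The two checks discussed in this thread, as an added example (not code from openid.js or from any commenter): select the discovered service entry whose endpoint matches `openid.op_endpoint`, and compare claimed identifiers after canonicalization. The names `canonicalUrl`, `matchAssertion`, the `claimedIdentifier` field and the example.com URLs are assumptions; the comparison keeps the query string and drops only the fragment of the claimed identifier, as OpenID 2.0 section 11.2 specifies.

```javascript
// Added example; names below are hypothetical, not the openid.js API.
const OPENID2_NS = 'http://specs.openid.net/auth/2.0';

// Normalize a URL for comparison. The WHATWG parser lowercases scheme and
// host and drops default ports; the query string is kept as-is.
function canonicalUrl(value, { dropFragment = false } = {}) {
  let url;
  try { url = new URL(value); } catch (e) { return null; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (dropFragment) url.hash = '';
  return url.href;
}

// Return the discovered entry the assertion is consistent with, or null.
function matchAssertion(providers, params) {
  const endpoint = canonicalUrl(params['openid.op_endpoint'] || '');
  const claimed = canonicalUrl(params['openid.claimed_id'] || '',
                               { dropFragment: true });
  if (params['openid.ns'] !== OPENID2_NS || !endpoint || !claimed) return null;
  return providers.find((p) =>
    p.version === OPENID2_NS &&
    canonicalUrl(p.endpoint) === endpoint &&
    canonicalUrl(p.claimedIdentifier, { dropFragment: true }) === claimed
  ) || null;
}

// Constructed sample: one discovery result listing several service entries.
const discovered = [
  { version: OPENID2_NS,
    endpoint: 'https://op.example.com/other-service',
    claimedIdentifier: 'https://op.example.com/id?id=abc' },
  { version: OPENID2_NS,
    endpoint: 'https://op.example.com/auth?mode=login',
    claimedIdentifier: 'https://op.example.com/id?id=abc' },
];
// Constructed assertion: same endpoint spelled differently, fragment on the id.
const assertion = {
  'openid.ns': OPENID2_NS,
  'openid.op_endpoint': 'HTTPS://OP.example.com:443/auth?mode=login',
  'openid.claimed_id': 'https://op.example.com/id?id=abc#gen1',
};
console.log(matchAssertion(discovered, assertion));
```

An assertion whose endpoint differs only in its query string is rejected here, because the query is part of the compared URL.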