I used to use a library called Auth_OpenID for my consumer which worked for
all providers including yahoo. I switched to using Zend_OpenId and now it
doesn't work for yahoo as a provider. Has anyone gotten this to work?
After looking at the code, I was able to get it to work, but I had to do the
following (which seems not good, but it works)...
In Zend_OpenId_Consumer::_checkId(), I had to remove these lines:
if (!$this->_associate($server, $version)) {
return false;
}
Inside the _associate() function it ends up making a call to yahoo servers
which returns a status 400 (Bad Request). After doing some more debugging
it looks like yahoo doesn't support this:
'openid.mode' => 'associate',
'openid.assoc_type' => 'HMAC-SHA256',
'openid.session_type' => 'DH-SHA256',
In Zend_OpenId_Consumer::verify() I had to remove this line as well:
if ((isset($params['openid_identity']) &&
$params["openid_identity"] != $id) ||
(isset($params['openid_op_endpoint']) &&
$params['openid_op_endpoint'] != $server) ||
$discovered_version != $version) {
//return false;
}
This is because openid_identity and openid_claimed_id are *almost* the same,
but openid_claimed_id as an extra #XXXX at the end. Not sure if yahoo is
doing somewhere weird. So that check then fails and returns false (cause
$id got set to openid_claimed_id 20 or so lines above in the file.
Any ideas?
--
View this message in context:
http://www.nabble.com/Zend_OpenId-fails-for-yahoo-openid-tp15910120s16154p15910120.html
Sent from the Zend Framework mailing list archive at Nabble.com.
