After getting my app working locally for quite a while, I pushed it to
Heroku only to find that OpenID authentication was working "selectively" --
it didn't work for the largest OpenID providers (Google and Yahoo).
This was intolerable, of course, and I started figuring the differences
between here and there. One such difference was the storage used, so despite
being sceptical about it, I decided to equalise and to introduce memcache
(which is really the preferred option for what OpenID needs).

Heroku provides two memcache client gems: memcached-northscale and dalli.

First, I have to say that memcached-northwest really su... of a low quality,
I think it's rather incompatible with openid (as an OpenID::Store::Memcache
cache client).
It throws a pre-built(! no stack trace !) exception (which
Rack::ShowExceptions#pretty shamelessly fails on itself -- because of the
absent stacktrace) during a get instead of returning nil value as the
OpenID::Store::Memcache expects.

Then, dalli is also currently incompatible with OpenID::Store::Memcache! See
https://github.com/openid/ruby-openid/pull/9 -- figure the monkey patch in
order (see right below).

I created https://github.com/costa/rack-openid-test solely for debugging (
http://rack-openid-test.heroku.com/), but it didn't help me to finally
detect the problem.

I'm still not sure what the problem was, but I've found the root cause, it
is some sort of SSL problem using the CA certificate file I provided:
#<OpenID::DiscoveryFailure: Failed to fetch identity URL
https://www.google.com/accounts/o8/id : Error connecting to SSL URL
https://www.google.com/accounts/o8/id: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed>
Now that exception was hidden away in rack-openid (
https://github.com/josh/rack-openid/blob/master/lib/rack/openid.rb#L128)
which reported a missing provider error.
What makes this really weird is the very same file being used in the
rack-openid-test above which is working flawlessly for some reason (see
https://github.com/costa/rack-openid-test/blob/master/sinatra_example.rb#L15
).

After removing 'OpenID.fetcher.ca_file = ...' line from rails initializers
I've started to get warnings just like I did locally before setting that
cert file up:
WARNING: making https request to https://www.google.com/accounts/o8/id without
verifying server certificate; no CA path was specified.
But the authentication works... for now.

I really hope a clue on this weird issue will come up and/or Heroku will
update its docs on Rack::OpenID.

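One way to check a CA file outside the application and get OpenSSL's own reason for a "certificate verify failed", instead of removing the OpenID.fetcher.ca_file line. This is an added example, not part of the original post or of ruby-openid; the certificates are constructed in memory and the function names and paths are hypothetical.

```ruby
require "openssl"
require "tempfile"

# Constructed test material: throwaway certificates built in memory.
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify cert against the bundle at ca_file_path and return
# [verified?, reason]. An unreadable file is a failure, never a skip.
def check_against_ca_file(cert, ca_file_path)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file_path)
  [store.verify(cert), store.error_string]
rescue OpenSSL::X509::StoreError => e
  [false, "cannot load CA file: #{e.message}"]
end

# Runs the check with the issuing CA, an unrelated CA, and a missing file.
def demo
  ca_key, other_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca    = make_cert("/CN=Constructed Issuing CA", ca_key, ca: true)
  other = make_cert("/CN=Constructed Unrelated CA", other_key, ca: true)
  leaf  = make_cert("/CN=provider.example", leaf_key, issuer_cert: ca, issuer_key: ca_key)
  results = {}
  { right_bundle: ca.to_pem, wrong_bundle: other.to_pem }.each do |name, pem|
    Tempfile.create(["ca", ".pem"]) do |f|
      f.write(pem)
      f.flush
      results[name] = check_against_ca_file(leaf, f.path)
    end
  end
  results[:missing_file] = check_against_ca_file(leaf, "/nonexistent/ca-bundle.pem")
  results
end

demo.each { |name, (ok, why)| puts "#{name}: verified=#{ok} (#{why})" } if $PROGRAM_NAME == __FILE__
```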