Yahoo OpenID check_authentication always returns is_valid:false
Am I missing some parameters?
https://open.login.yahooapis.com/openid/op/auth?
openid.assoc_handle=xAS_t.4jTdUdsshHxy2bcoP4XRDBZ3JtfMwc2Otwbw0V3AhEVUg9FF0t.1jZp65mk8Oqf8ZypMZlRMWLP1_Yj44SO16NTlq9cmOq1ls_evue_5ltKPQDMAJo7gNrKe8-
&openid.claimed_id=https://me.yahoo.com/a/CHxd29Etm54Hzrq4_oQ_RSiba_x.k4uA#47ac6
&openid.identity=https://me.yahoo.com/a/CHxd29Etm54Hzrq4_oQ_RSiba_x.k4uA
&openid.mode=check_authentication
&openid.ns=http://specs.openid.net/auth/2.0
&openid.op_endpoint=https://open.login.yahooapis.com/openid/op/auth
&openid.response_nonce=2012-04-05T07:23:23ZsCfrX0VBTKMuHhly34RkZH_wnq887IVClA--
&openid.return_to=http://voxiternal.com/bong/open/verify/yahoo
&openid.signed=assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_nonce,return_to,signed,pape.auth_level.nist
&openid.pape.auth_level.nist=0
&openid.sig=eymoRtkcrb2EbQVAlF+DdbAb2oM=
&openid.realm=http://voxiternal.com
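My check_authentication works perfectly with Google, but not with Yahoo. First I tried using CURLOPT_POSTFIELDS, which works with Google but does not work with Yahoo. Then I tried changing it to GET params, but it still does not work.
I am attaching my PHP code for check_authentication: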
public static function authenticate($request){
    $params = array();
    // Copy every field named in openid.signed. PHP has rewritten "." in the
    // incoming parameter names to "_", so map the names back.
    $keys = explode(',', $request['openid_signed']);
    foreach($keys as $key){
        $params['openid.'.$key] = $request['openid_'.str_replace('.', '_', $key)];
    }
    $params['openid.ns'] = $request['openid_ns'];
    $params['openid.signed'] = $request['openid_signed'];
    $params['openid.sig'] = $request['openid_sig'];
    $params['openid.assoc_handle'] = $request['openid_assoc_handle'];
    $params['openid.mode'] = 'check_authentication';
    $params['openid.claimed_id'] = $request['openid_claimed_id'];
    $url = $request['openid_op_endpoint'];

    // POST the parameters to the OP endpoint. Because $params is an array,
    // cURL sends the body as multipart/form-data.
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_VERBOSE, 1);
    curl_setopt($curl, CURLOPT_HEADER, 1);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
    $res_buff = curl_exec($curl);
    curl_close($curl);

    // Split headers from body, skipping any "100 Continue" interim response.
    list($headers, $body) = explode("\r\n\r\n", $res_buff, 2);
    while(strpos($headers,"100 Continue")!==false){
        list($headers, $body) = explode("\r\n\r\n", $body , 2);
    }
    // self::disect() is a helper of the same class that is not shown here.
    $headers = self::disect($headers);
    $body = self::disect($body);
    if(!isset($headers['HTTP/1.1 200 OK']))
        return -2;
    if(!isset($body['is_valid']))
        return 0;
    return $body['is_valid'];
}
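-> This solution works fine with all OpenID providers. Only check_authentication does not work with Yahoo. So I am reluctant to destabilize all the other parts and move to some OpenID library.
Edit
After hours of effort, it looks like it is Yahoo's check_authentication, because it was working a few days ago and currently has a problem. But verification using the signature with hmac_sha1 works. But check_authentication always returns false, although it passes with Google and AOL.
It would be great if someone could run check_authentication (the non-signature verification) using their tools/libraries.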
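
An added example, not the poster's code or any library's: one way to build the check_authentication body so that every openid.* field of the response is copied exactly (read from the raw query string, since PHP rewrites "." in parameter names to "_"), sent URL-encoded, and the key-value reply parsed. The function names, the sample query string and the sample replies are constructed for illustration.

```php
<?php
// Added example; the sample query string and replies below are constructed.

// Read openid.* fields from the raw query string ($_SERVER['QUERY_STRING'] on the
// return_to request), so names such as openid.pape.auth_level.nist keep their dots.
function openid_fields_from_query(string $rawQuery): array {
    $fields = [];
    foreach (explode('&', $rawQuery) as $pair) {
        [$k, $v] = array_pad(explode('=', $pair, 2), 2, '');
        $k = urldecode($k);
        if (strncmp($k, 'openid.', 7) === 0) {
            $fields[$k] = urldecode($v);
        }
    }
    return $fields;
}

// Copy every field unchanged and replace only openid.mode.
function build_check_authentication_body(array $fields): string {
    $fields['openid.mode'] = 'check_authentication';
    // Passing this string (not an array) to CURLOPT_POSTFIELDS makes cURL send
    // application/x-www-form-urlencoded; "+" in openid.sig becomes %2B.
    return http_build_query($fields, '', '&', PHP_QUERY_RFC1738);
}

// Parse the Key-Value Form reply: one "key:value" pair per line.
function parse_key_value_form(string $body): array {
    $out = [];
    foreach (explode("\n", $body) as $line) {
        $pos = strpos($line, ':');
        if ($pos !== false) {
            $out[substr($line, 0, $pos)] = rtrim(substr($line, $pos + 1), "\r");
        }
    }
    return $out;
}

function reply_is_valid(string $body): bool {
    return (parse_key_value_form($body)['is_valid'] ?? '') === 'true';
}

$raw = 'openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res'
     . '&openid.signed=mode%2Cpape.auth_level.nist&openid.pape.auth_level.nist=0'
     . '&openid.sig=PLACEHOLDER%2Bsig%3D';
echo build_check_authentication_body(openid_fields_from_query($raw)), "\n";
var_dump(reply_is_valid("ns:http://specs.openid.net/auth/2.0\nis_valid:true\n"));
var_dump(reply_is_valid("ns:http://specs.openid.net/auth/2.0\nis_valid:false\n"));
```

OpenID Authentication 2.0 (section 11.4.2.1) asks for exact copies of all fields of the authentication response except openid.mode, and says the OP must verify such requests only against private associations, not against a shared-key association the relying party established itself. The OP must also not issue more than one verification response per authentication response, so a given response can be tested this way only once.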