4

我在使用 Steam 作为 OpenId 提供商时遇到问题。一切正常,直到对我的网站进行回调,我看到了蒸汽登录网页,我可以用我的用户登录,但是当回调执行时,我得到一个异常。我使用 play 2.2 和 Scala。该代码与播放文档中的代码非常相似

  def loginPost = Action.async { implicit request =>
    OpenID.redirectURL("http://steamcommunity.com/openid",
      routes.Application.openIDCallback.absoluteURL(),
      realm = Option("http://mydomain.com/"))
      .map(url => Redirect(url))
      .recover { case error => Redirect(routes.Application.login) }
  }

  def openIDCallback = Action.async { implicit request =>
      OpenID.verifiedId.map(info => Ok(info.id + "\n" + info.attributes))
       .recover {
          case error =>
            println(error.getMessage()) //prints null
            Redirect(routes.Application.login)
        }
  }

堆栈跟踪:

Internal server error, for (GET) [/steam/login?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=error&openid.error=Invalid+claimed_id+or+identity] ->

play.api.Application$$anon$1: Execution exception[[BAD_RESPONSE$: null]]
    at play.api.Application$class.handleError(Application.scala:293) ~[play_2.10.jar:2.2.1]
    at play.api.DefaultApplication.handleError(Application.scala:399) [play_2.10.jar:2.2.1]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$12$$anonfun$apply$1.applyOrElse(PlayDefaultUpstreamHandler.scala:165) [play_2.10.jar:2.2.1]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$12$$anonfun$apply$1.applyOrElse(PlayDefaultUpstreamHandler.scala:162) [play_2.10.jar:2.2.1]
    at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:33) [scala-library-2.10.3.jar:na]
    at scala.util.Failure$$anonfun$recover$1.apply(Try.scala:185) [scala-library-2.10.3.jar:na]
Caused by: play.api.libs.openid.Errors$BAD_RESPONSE$: null
    at play.api.libs.openid.Errors$BAD_RESPONSE$.<clinit>(OpenIDError.scala) ~[play_2.10.jar:2.2.1]
    at play.api.libs.openid.OpenIDClient.verifiedId(OpenID.scala:111) ~[play_2.10.jar:2.2.1]
    at play.api.libs.openid.OpenIDClient.verifiedId(OpenID.scala:92) ~[play_2.10.jar:2.2.1]
    at controllers.Application$$anonfun$openIDCallback$1.apply(Application.scala:29) ~[classes/:2.2.1]
    at controllers.Application$$anonfun$openIDCallback$1.apply(Application.scala:28) ~[classes/:2.2.1]
    at play.api.mvc.Action$.invokeBlock(Action.scala:357) ~[play_2.10.jar:2.2.1]

我在返回的 URL 中看到此错误消息openid.error=Invalid+claimed_id+or+identity,但找不到任何相关内容。

我错过了什么?谢谢。

4

1 回答 1

0

这是因为 Play Framework OpenID 类没有正确生成重定向 URL。url从代码中的这一行打印出变量的值:

.map(url => Redirect(url))

它很可能看起来像这样:

https://steamcommunity.com/openid/login?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
 &openid.mode=checkid_setup
 &openid.claimed_id=http%3A%2F%2Fsteamcommunity.com%2Fopenid
 &openid.identity=http%3A%2F%2Fsteamcommunity.com%2Fopenid
 &openid.return_to=http%3A%2F%2Fwww.mydomain.com%2Fsteam%2Flogin
 &openid.realm=http%3A%2F%2Fwww.mydomain.com

根据 OpenID 2.0 规范,这是不正确的,特别是在http://openid.net/specs/openid-authentication-2_0.html#discovered_info

如果最终用户输入了 OpenID 提供者 (OP) 标识符,则没有声明的标识符。为了发出 OpenID 身份验证请求,当输入 OP 标识符时,值“ http://specs.openid.net/auth/2.0/identifier_select ”必须用作声明的标识符和 OP-Local 标识符。

基于此,生成的重定向url变量应该是:

https://steamcommunity.com/openid/login?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
 &openid.mode=checkid_setup
 &openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
 &openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
 &openid.return_to=http%3A%2F%2Fwww.mydomain.com%2Fsteam%2Flogin
 &openid.realm=http%3A%2F%2Fwww.mydomain.com

我在 Play Framework 问题跟踪器上为此写了一个问题:

https://github.com/playframework/playframework/issues/3740

同时,作为临时破解/修复,您可以在url变量上使用任意数量的字符串替换技术来将openid.claimed_idopenid.identity参数设置为正确的http://specs.openid.net/auth/2.0/identifier_select值。

于 2014-12-16T22:45:25.920 回答