Yahoo openid check_authentication返回is_valid:false

时间:2012-04-05 08:03:30

标签: php curl openid yahoo urlencode

Yahoo openid check_authentication始终返回is_valid:false 我错过了一些参数吗?

https://open.login.yahooapis.com/openid/op/auth?
openid.assoc_handle=xAS_t.4jTdUdsshHxy2bcoP4XRDBZ3JtfMwc2Otwbw0V3AhEVUg9FF0t.1jZp65mk8Oqf8ZypMZlRMWLP1_Yj44SO16NTlq9cmOq1ls_evue_5ltKPQDMAJo7gNrKe8-
&openid.claimed_id=https://me.yahoo.com/a/CHxd29Etm54Hzrq4_oQ_RSiba_x.k4uA#47ac6
&openid.identity=https://me.yahoo.com/a/CHxd29Etm54Hzrq4_oQ_RSiba_x.k4uA
&openid.mode=check_authentication
&openid.ns=http://specs.openid.net/auth/2.0
&openid.op_endpoint=https://open.login.yahooapis.com/openid/op/auth
&openid.response_nonce=2012-04-05T07:23:23ZsCfrX0VBTKMuHhly34RkZH_wnq887IVClA--
&openid.return_to=http://voxiternal.com/bong/open/verify/yahoo
&openid.signed=assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_nonce,return_to,signed,pape.auth_level.nist
&openid.pape.auth_level.nist=0
&openid.sig=eymoRtkcrb2EbQVAlF+DdbAb2oM=
&openid.realm=http://voxiternal.com

我的check_authentication与Google完美配合。但不是雅虎。 首先,我尝试使用CURLOPT_POSTFIELDS与谷歌合作但不与雅虎合作。然后我尝试将其更改为GET Params,但它仍无法正常工作

我附加了check_authentication

的PHP代码
public static function authenticate($request){
    $keys = explode(',', $request['openid_signed']);
    foreach($keys as $key){
        $params['openid.'.$key] = $request['openid_'.str_replace('.', '_', $key)];
    }
    $params['openid.ns']           = $request['openid_ns'];
    $params['openid.signed']       = $request['openid_signed'];
    $params['openid.sig']          = $request['openid_sig'];
    $params['openid.assoc_handle'] = $request['openid_assoc_handle'];
    $params['openid.mode']         = 'check_authentication';
    $params['openid.claimed_id']   = $request['openid_claimed_id'];
    $url = $request['openid_op_endpoint'];
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_VERBOSE, 1); 
    curl_setopt($curl, CURLOPT_HEADER, 1);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
    $res_buff = curl_exec($curl);
    curl_close($curl);
    list($headers, $body) = explode("\r\n\r\n", $res_buff, 2);
    while(strpos($headers,"100 Continue")!==false){
        list($headers, $body) = explode("\r\n\r\n", $body , 2);
    }
    $headers = self::disect($headers);
    $body = self::disect($body);
    if(!isset($headers['HTTP/1.1 200 OK']))
        return -2;
    if(!isset($body['is_valid']))
        return 0;
    return $body['is_valid'];
}

- >此解决方案适用于所有openid提供商。只是check_authentication不能与雅虎合作。所以我不愿意让所有其他部分不稳定并转移到一些openid库

修改

经过几个小时的挣扎后,看起来像雅虎的问题目前只有check_authentication,因为它在几天前工作了。但是,使用签名验证hmac_sha1。但check_authentication总是通过google,aol。

返回false

如果有人可以使用他们的工具/库进行check_authentication NOT签名验证,那就太好了。

0 个答案:

没有答案