为什么Janrain的Engage示例仅适用于IE?

时间:2012-11-20 21:49:06

标签: openid janrain

首先,让我先说明一下这个事实,即我对OpenID完全不熟悉并且对PHP不太熟悉。

我在我的网站(Apache / PHP)上设置了Janrain的Engage示例,包括头部的JavaScript:

(function() {

   if (typeof window.janrain !== 'object') {
      window.janrain = {};
   }
   if (typeof window.janrain.settings !== 'object') {
      window.janrain.settings = {};
   }

   janrain.settings.tokenUrl = 'http://mydomain.com/tokenform.php';

   function isReady() {
      janrain.ready = true;
   };

   if (document.addEventListener) {
      document.addEventListener("DOMContentLoaded", isReady, false);
   } else {
      window.attachEvent('onload', isReady);
   }

   var e = document.createElement('script');
   e.type = 'text/javascript';
   e.id = 'janrainAuthWidget';

   if (document.location.protocol === 'https:') {
      e.src = 'https://rpxnow.com/js/lib/myapp/engage.js';
   } else {
      e.src = 'http://widget-cdn.rpxnow.com/js/lib/myapp/engage.js';
   }

   var s = document.getElementsByTagName('script')[0];
   s.parentNode.insertBefore(e, s);

})();

我添加了他们的DIV标签:

<div id="janrainEngageEmbed"></div>

我根据他们的指示构建了以下令牌收据页面:

<?php

header('Content-Type: text/html; charset=utf-8');

?>
<html>
   <head>
      <title>Janrain Engage example</title>
   </head>
   <body>
      <pre>
<?php

$rpx_api_key = file_get_contents('/path/apikey.txt');

/* STEP 1: Extract token POST parameter */
$token = $_POST['token'];

echo "SERVER VARIABLES:\n";
var_dump($_SERVER);
echo "HTTP POST ARRAY:\n";
var_dump($_POST);

// test the length of the token; it should be 40 characters
if (strlen($token) == 40) {

   /* STEP 2: Use the token to make the auth_info API call */
   $post_data = array('token'  => $token,
                     'apiKey' => $rpx_api_key,
                     'format' => 'json',
                     'extended' => 'false');

   $curl = curl_init();
   curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
   curl_setopt($curl, CURLOPT_URL, 'https://rpxnow.com/api/v2/auth_info');
   curl_setopt($curl, CURLOPT_POST, true);
   curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);
   curl_setopt($curl, CURLOPT_HEADER, false);
   curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
   curl_setopt($curl, CURLOPT_FAILONERROR, true);
   $result = curl_exec($curl);
   if ($result == false){
      echo "\n".'Curl error: ' . curl_error($curl);
      echo "\n".'HTTP code: ' . curl_errno($curl);
      echo "\n"; var_dump($post_data);
   }
   curl_close($curl);

   /* STEP 3: Parse the JSON auth_info response */
   $auth_info = json_decode($result, true);

   if ($auth_info['stat'] == 'ok') {

      echo "\n You're in!";
      echo "\n auth_info:";
      echo "\n"; var_dump($auth_info);

      /* STEP 4: Use the identifier as the unique key to sign the user into your system.
         This will depend on your website implementation, and you should add your own
         code here. The user profile is in $auth_info.
      */

   } else {
      // Gracefully handle auth_info error.  Hook this into your native error handling system.
      echo "\n".'An error occured: ' . $auth_info['err']['msg']."\n";
      var_dump($auth_info);
      echo "\n";
      var_dump($result);
   }
} else {
   // Gracefully handle the missing or malformed token.  Hook this into your native error handling system.
   echo 'Authentication canceled.';
}

?>
      </pre>
   </body>
</html>

我的小部件接受来自Google,Facebook,Twitter,Yahoo,LinkedIn和Windows Live的登录。只要我使用IE浏览器,一切都按照广告宣传。如果我尝试使用Firefox或Chrome的任何提供商,我似乎都经过身份验证,登录对话框就会消失,但我仍然停留在带有Open ID提供商选择小部件的页面上。

有什么想法吗?

1 个答案:

答案 0 :(得分:2)

事实证明,Janrain似乎依赖第三方cookie来使其机制发挥作用。虽然可能会在某处记录,但即使经过几个小时的研究,我也没有找到它。

在Firefox,工具,选项,隐私和检查第三方Cookie允许Janrain示例开始工作。

在Chrome中,操作步骤为:chrome:// chrome / settings /,显示高级设置,内容设置,取消选中“阻止第三方Cookie和网站数据”。

Janrain示例继续在IE9中工作,无论Block Third-party Cookies设置如何。我在iOS上使用Safari有相同的体验。 (它被设置为仅接受来自访问过的网站的cookie。)