有趣的是我在两个不同的服务器(a.com,b.com)上使用相同的.php脚本,结果不同,我猜这些脚本有不同的配置。虽然在a.com上我可以很好地完成SSO过程,但是b.com会抛出“在https://www.google.com/accounts/o8/id找不到OpenID服务器”。
我的php脚本如下所示:
$openid = new LightOpenID($_SERVER["HTTP_HOST"]);
$openid->required = array
(
'contact/email',
'namePerson/first',
'namePerson/last'
);
if(!$openid->mode)
{
$openid->identity = 'https://www.google.com/accounts/o8/id';
header('Location: ' . $openid->authUrl());
}
在b.com中,行$ openid-> authUrl()会抛出错误说: 在https://www.google.com/accounts/o8/id
找不到OpenID服务器哪种服务器配置可能导致这种情况?
答案 0 :(得分:3)
幸运的是,服务器管理员能够快速发现php配置中的配置差异allow_url_fopen = 1解决了问题
答案 1 :(得分:2)
Google已停止使用OpenID支持,截至2015年7月22日已删除此端点。
批准的解决方案/答案已经过时。
请迁移到OAuth。如果使用客户端(javascript)登录,this tutorial by google附带一个功能齐全的示例。
下面这段代码是另一个功能齐全的例子(刚刚测试过),但它更进一步,并与服务器端PHP脚本集成。请替换您自己的客户ID(如google developer console中所定义)和YOURDOMAIN.COM(在php中)。
<html lang="en">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<head>
<meta name="google-signin-scope" content="profile email">
<meta name="google-signin-client_id" content="1111111111111111111-11111111111111111111111111111111111.apps.googleusercontent.com">
<script src="https://apis.google.com/js/platform.js" async defer></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js">
</script>
<script>
function signOut() {
var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut().then(function () {
console.log('User signed out.');
userDataClear();
});
}
function disassociate() {
var auth2 = gapi.auth2.getAuthInstance();
auth2.disconnect().then(function () {
console.log('User disconnected from association with app.');
userDataClear();
});
}
function onSignIn(googleUser) {
// Useful data for your client-side scripts:
var profile = googleUser.getBasicProfile();
console.log("ID: " + profile.getId()); // Don't send this directly to your server!
// The ID token you need to pass to your backend:
var id_token = googleUser.getAuthResponse().id_token;
var xhr = new XMLHttpRequest();
xhr.open('POST', 'http://YOURDOMAIN.COM/twoStep02.php');
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xhr.onload = function() {
console.log('NEW Signed in Google Client ID: ' + xhr.responseText);
};
xhr.send('idtoken=' + id_token);
console.log("ID Token: " + id_token);
userDataDisplay(profile);
}
function userDataDisplay(profile) {
document.getElementById("foto").innerHTML = '<img src="' + profile.getImageUrl() + '"></img>';
document.getElementById("email").innerHTML = profile.getEmail();
document.getElementById("nome").innerHTML = profile.getName();
}
function userDataClear() {
document.getElementById("foto").innerHTML = ' ';
document.getElementById("email").innerHTML = ' ';
document.getElementById("nome").innerHTML = ' ';
}
</script>
</head>
<body>
<div id="login-button" class="g-signin2" data-onsuccess="onSignIn" data-theme="dark"></div>
<div><a href="/#" onclick="signOut();">Sign out</a></div>
<div><a href="/#" onclick="disassociate();">Disassociate App and Site (easily undone)</a></div>
<div id="foto"></div>
<div id="nome"></div>
<div id="email"></div>
</body>
</html>
这是jquery / ajax调用的php端(twoStep.php)
<?php
$idToken = $_POST["idtoken"];
$url = 'https://www.googleapis.com/oauth2/v3/tokeninfo?id_token='.$idToken;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
$json = json_decode($response, true);
curl_close($ch);
$userEmail = $json["email"];
$clientId = $json["azp"];
print_r($json); // returns array console readable
?>
提示4个新手:通过右键单击页面的任何元素并选择“inspect element”,然后更改为CONSOLE选项卡来读取控制台输出。