I'm using Janrain's PHP-OpenID 2.1.3, and I've managed to get it working with all the providers I have tried except for Google and Yahoo. The major difference here seems to be that Google and Yahoo, unlike most other providers, don't use a user-specific URL, but rather have the user discovery framework all on their end - which throws the default Janrain framework for a loop then it tries to begin the auth request.
From what I've seen it looks like it's probably the YADIS discovery that is throwing the error, which should be able to be bypassed since the discovery is on Google or Yahoo's end, but I'm not sure. This is all a big informal learning experience for me, and I haven't had any luck finding documentation that can help me on this one. Any tips would be greatly appreciated.
Edit: the specific problem I am having is that when the begin() function is called for the Google or Yahoo URL, I get a null return. This function is found in Auth/OpenID/Consumer.php for reference.
Ok, I finally got to fix the library... I explained everything here (you can also download the php-openid library after my changes).
I needed to do what Paul Tarjan suggested but, also, I needed to modify the Auth_OpenID_detectMathLibrary and add the static keyword to a lot of functions. After that It seems to work perfectly although it is not an ideal solution... I think that someone should rewrite the whole library in PHP 5...
I had the same problem on Windows XP. Fixed by activating curl extension. To do this uncomment in php.ini the line
extension=php_curl.dll
by removing the ; in front of it if any. Restart apache.
Also on windows to work properly you need to define Auth_OpenID_RAND_SOURCE as null since in windows you don't have a random source. You can do this by adding the line
define('Auth_OpenID_RAND_SOURCE', null);
in CryptUtil.php before the first code line
if(!defined('Auth_OpenID_RAND_SOURCE')){
Even if the curl is not enabled the API should work by using instead the Auth_Yadis_PlainHTTPFetcher to communicat via HTTP. In the case of Google and Yahoo you need https, so it only works if open_ssl is enabled (Auth_Yadis_PlainHTTPFetcher::supportsSSL must return true).
I had exactly the same problem and it took me nearly 2 hours to track the problem. Jan Rain's OpenId lib requires 'DOM or domxml PHP XML' (https://github.com/openid/php-openid) but it will fail silently when neither is available!
On my CentOS installation simple:
yum install php-xml
fixed the problem (I'm using this repo: http://blog.famillecollet.com/pages/Config-en).
Are you using the example RP? Can I suggest you submit a detailed bug at http://trac.openidenabled.com/trac/newticket?project=php-openid or a detailed enquiry via the mailing list.
The immediate_mode support indeed does work the libraries if implemented correctly. I (and others) would also be happy to help you on the OpenID IRC channel irc.reenode.net in #openid. My nickname is flaccid.
It's because you don't have curl support enabled enabled in php. Without this, it can't get https content. At least, that's what I discovered. When I tried to get yahoo or google, it failed with an error message "Authentication error; not a valid OpenID," but when I enable php_curl, it works properly.
Make sure your server has curl with https protocol enabled. This solved it for me.
see this thread.
Here is a quick script to test it out. Upload on your server then acccess it via your browser.
<?php
error_reporting(E_ALL);
// create curl resource
$myurl = 'https://<YOURACCOUNT>.myopenid.com';
$curl_handle=curl_init();
curl_setopt($curl_handle,CURLOPT_URL, $myurl);
curl_setopt($curl_handle,CURLOPT_CONNECTTIMEOUT,2);
curl_setopt($curl_handle,CURLOPT_RETURNTRANSFER,1);
$buffer = curl_exec($curl_handle);
if (empty($buffer))
{
print "Sorry, cannot access $myurl .<p>". curl_error($curl_handle);
}
else
{
print $buffer;
}
curl_close($curl_handle);
?>
If it returns " Protocol https not supported or disabled in libcurl" then you know what to do.
I tried it using my gmail account and it works but it leads to a 301 permanent rediret, which makes sense.
Another potential difference is that Google and Yahoo use HTTPS and if your PHP or SSL installation is misconfigured (perhaps missing CA certs) then your OpenID code will fail to establish an association or complete the check_authentication call.
But without error messages or logs, I can't really tell what type of failure you're looking at.
A couple of years too late, but this might be relevant for users using Janrains PHP OpenID 2.2.2 library on a Windows platform. I'm still on PHP 5.2.17.
My simple test, just to make sure the library was contacting Google was to use the examples/discover.php program, and pass Googles OpenID URL (https://www.google.com/accounts/o8/id).
As per the instructions, the standard steps are to enable GMP (uncomment extension=php_gmp.dll) and CURL (uncomment extension=php_curl.dll). XML should already be enabled.
You may also need to extract the package in contrib/google and make sure google_discovery.php and ca-bundle.crt are in Auth/OpenID.
The extra paranoid could start with examples/detect.php, to make sure they have things set up correctly. It is expected you'd pass all the tests except the Cryptographic Randomness test. For this, you'll need to add
define('Auth_OpenID_RAND_SOURCE', null);
to the top of examples/detect.php. And while you're there, add that to examples/consumer/common.php (since examples/discover.php uses it).
Now, even after all this, discovery for the Google OpenID URL was failing. I was getting CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in the php error log.
In the Windows environment, you need a definition for the CURLOPT_CAINFO. For my quick test, I added curl_setopt($c, CURLOPT_CAINFO, dirname(__FILE__)."/../OpenID/ca-bundle.crt"); before the curl_exec() statements in Auth/Yadis/ParanoidHTTPFetcher.php.
This allowed the examples/discover.php to discover the services offered by the Google URL.
As a longer term solution for setting CURLOPT_CAINFO in Windows, you might like to refer to this StackOverflow answer so you can add a setting to your php.ini.
Related
I know there is some similar topic, but not the same. I have a working code, tested with a lot of different url - http and https as well - without any problem. Then, I found a website ... when I asking the URL header, I got empty array answer.
get_headers("https://www.diversalertnetwork.org/diving-incidents/Divers-air-consumption-appeared-unbelievably-good", 1);
And the result is an EMPTY array.
Array
(
)
I am also try with CURL but same result. I try to download the url's content but nothing. You can try it. Surprise! If I modify to http:// from https://, it will start working. Of course, the https link working very well in a browser. Also, the get_headers working with other https:// links.
With curl I using my own browser's useragent, so that is a real if the server try to detect for any security reason. I really do not know what can I do, and most important, what happening, why there is no any answer, not an error or whatever.
php 5.6
My browser shows warning about that site's HTTPS connection:
The connection to this site uses an obsolete protocol (TLS 1.0), an obsolete key exchange (RSA), and an obsolete cipher (3DES_EDE_CBC with HMAC-SHA1).
So it might simply be that on your system making HTTPS connections with sites that only support outdated security protocols is disabled.
Which Apache config settings regarding SSL are relevant, can be found here: https://superuser.com/a/882651
I'm trying to access the AtTask API using AtTask StreamClient.php library. I am able to login and extract information using the Chrome Advanced Rest Client, however, I am not able to login to the API from a .php script using StreamClient. The message I keep getting is:
"Logging in...Error: Unknown SSL protocol error in connection to XXXXXXXXXX.attask-ondemand.com:443"
Does anyone have an idea what this means, and how to get around it. My gut feeling is that it has something to do with the configuration of my server.
Thanks in advance.
Problem solved. Very strange, very strange. Apparently, you have to force CURL to use SSL Version 1. I added the line:
curl_setopt($this->handle, CURLOPT_SSLVERSION, 1);
to the CURL initiation part of the script and it started working.
I use Twitter streaming API (POST https://stream.twitter.com/1.1/statuses/filter.json) to monitor tweets. It worked up to 01/13/2014, and sinse that time it returns 403 error; from documentation I see that this error code means "The connecting account is not permitted to access this endpoint." I tried different applications and accounts, as well as 2 different servers (to make sure that it is not IP ban for any reason), but this error appears always. I know about API movement from HTTP to HTTPS, but it shouldn't be a problem, because I use HTTPS anyway.
Does anyone use filter.json successfully now and what may be a reason of this issue?
i had the same problem, i use the 140dev streaming api PHP application.
I solved it by upgrading the Phirehose-library, according to this post:
http://140dev.com/twitter-api-programming-blog/upgrade-phirehose-now-for-continued-streaming-api-access/
BUT: I also needed to change the caps lock in OauthPhirehouse.php at the first line, from:
require_once('Phirehose.php');
to:
require_once('phirehose.php');
And i also had to change the name of Phirehose.php to phirehose.php (all small letters).
I also had the same problem which solved by http://140dev.com/twitter-api-programming-blog/upgrade-phirehose-now-for-continued-streaming-api-access/ and no need to do anything extra other than what mentioned on the link.
I am trying to build a twitter feed to search for relevant hashtags and display them in my mobile app. I found a package at http://mlemos.users.phpclasses.org/package/8109-PHP-Generate-RSS-feeds-from-timelines-and-searches.html that seems to do the job. However, opensll isnt loading. i get Error: it was not possible to open the API call URL: establishing SSL connections requires the OpenSSL extension enabled. Now, i have used open ssl on this machine before, and phpinfo says it is enabled. i have checked my php.ini file to make sure the line is uncommented, as well as check my path variable. No success. Google has turned up nothing helpful. Any ideas? Thanks
Ended up using a twitAPI handler package
I'm using aaronpk's Google Voice APIs to send and receive SMS messages in Google Voice. I've uncommented the "extension=php_curl.dll" line in the php.ini and have confirmed that cURL is working. I'm now stuck at this point and I keep receiving this error:
Uncaught exception 'Exception' with
message 'Could not parse for GALX
token'
I've checked all the basic things. The username and password on the account are correct. The only thing that I can see is that cURL is not writing cookie files.
I know the script has a Linux path for the cookiejar / cookiefile by default. I've tried changing this to a Windows directory, as well as including the full path. The code snippet I'm currently using is:
$this->_cookieFile = dirname(__FILE__) . "\cookies.txt";
Even with this code modification, the script is not writing to the cookies.txt file.
I've uploaded these scripts to a Linux host and they work just fine, proving to me that this is a Windows issue. Sadly, we don't have a Linux server for the production environment.
I'm looking for any guidance to get this working within Windows. Right now I'm developing on a Windows 7 machine running XAMPP. The production environment will likely be Windows 2008 Server.
Any assistance would be greatly appreciated!
I know this one is rather old...but it's still nice to share an answer, yeah?
Changing the path of the cookie file is good, but the problem here is with cURL trying (and failing) to verify google's SSL certificate. Two solutions can be found here (I found that link in the accepted answer for this other SO question)
For testing purposes I'd think it would be ok to use the quick and dirty solution (blindly accepting all SSL certificates without verifying).
You'd insert the following line into the GoogleVoice class constructor along with the other curl_setopt lines
curl_setopt($this->_ch, CURLOPT_SSL_VERIFYPEER, FALSE);
For production code, I'd verify the certificate. Finding and saving the certificate is covered in the first link I provided. Assuming the certificate is in the same directory as GoogleVoice.php, you'd insert the following lines
curl_setopt($this->_ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($this->_ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($this->_ch, CURLOPT_CAINFO, getcwd().'\BuiltinObjectToken-VerisignClass3PublicPrimaryCertificationAuthority.crt');
I'm no cURL expert, so I can't say if there's another way to verify the SSL certificate (or why it isn't needed on a Linux host.) This should be all that needs to be changed to get aaronpk's Google Voice API working on XAMPP
It seems that Google has just changed the output HTML for https://accounts.google.com/ServiceLogin in a way that breaks aaronpk's API. I observed the change sometime after December 8th, 2015.
The old HTML: <input name="GALX" type="hidden" value="SecureTokenHere">
The new HTML: <input type="hidden" name="GALX" value="SecureTokenHere">
So if you have the Could not parse for GALX token error, simply update your RegEx from:/name="GALX"\s*type="hidden"\s*value="([^"]+)"/ to /type="hidden"\s*name="GALX"\s*value="([^"]+)"/, or for compatibility, check for the new way if the old way doesn't find a match.