Home/ Questions/Q 959529
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T01:02:35+00:00

I am using the Zend_OpenId_Consumer to provide OpenID access, the login is working fine,

  • 0

I am using the Zend_OpenId_Consumer to provide OpenID access, the login is working fine, but when I call verify() I am recieving the error 

`Wrong openid.return_to 'http://[host]/user/openid' != 'http://[host]/user/openid?[OpenIdResponse]

The issue as far as I can see is that the verify method is comparing the URL without the query part to the entire URL which includes all of the OpenID response information. It gets this url from Zend_OpenId::selfUrl()

I’m using the verify code from the doc pages

$consumer = new Zend_OpenId_Consumer();

if($this->_request->getParam('openid_mode')) {

    $id = $this->_request->getParam('openid_claimed_id');

    if($this->_request->getParam('openid_mode') == 'id_res') {

        if($consumer->verify($this->_request->getParams(),$id)) {
            $status = 'VALID ' . $id;
        }
        else {
               $status = 'INVALID ' . $id;
        }

    }
    elseif($this->_request->getParam('openid_mode') == 'cancel') {
       $status = 'CANCELLED';
    }
}

Am I doing something wrong here?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    perhaps this is helpful

    Integration with Zend_Controller

    Finally a couple of words about
    integration into Model-View-Controller
    applications: such Zend Framework
    applications are implemented using the
    Zend_Controller class and they use
    objects of the
    Zend_Controller_Response_Http class to
    prepare HTTP responses and send them
    back to the user’s web browser.
    Zend_OpenId_Consumer doesn’t provide
    any GUI capabilities but it performs
    HTTP redirections on success of
    Zend_OpenId_Consumer::login and
    Zend_OpenId_Consumer::check. These
    redirections may work incorrectly or
    not at all if some data was already
    sent to the web browser. To properly
    perform HTTP redirection in MVC code
    the real Zend_Controller_Response_Http
    should be sent to
    Zend_OpenId_Consumer::login or
    Zend_OpenId_Consumer::check as the
    last argument.

    zend.openid.consumer

    strange, i’ve just tested OpenId_Consumer on my localserver with ZF 1.10.3…
    no problem at all

    my Action

       public function openidAction() {
      $this->view->status = "";
      if ($this->getRequest()->isPost()) {
         $consumer = new Zend_OpenId_Consumer();
         if (!$consumer->login($this->getRequest()->getParam('openid_identifier'))) {
            $this->view->status = "OpenID login failed.";
         }
      } else if ($this->getRequest()->getParam('openid_mode')) {
         if ($this->getRequest()->getParam('openid_mode') == "id_res") {
            $consumer = new Zend_OpenId_Consumer();
            if ($consumer->verify($this->getRequest()->getParams(), $id)) {
               $this->view->status = "VALID " . htmlspecialchars($id);
            } else {
               $this->view->status = "INVALID " . htmlspecialchars($id);
            }
         } else if ($_GET['openid_mode'] == "cancel") {
            $this->view->status = "CANCELLED";
         }
      }
   }

    my View

    <p><?php echo "{$this->status}" ?></p>
<form method="post">
   <fieldset>
      <legend>OpenID Login</legend>
      <input type="text" name="openid_identifier" value=""/>
      <input type="submit" name="openid_action" value="login"/>
   </fieldset>
</form>
    • 0