FailureResponse on otherwise successful OpenID login: Server denied check_authentication


I'm testing OpenID authentication using python-openid on web.py's development web server. Through Yahoo! and myOpenID, I keep getting a failure response with the message Server denied check_authentication. The strange part is, I also receive the correct openid.identity.

The same type of authentication works fine with Google (at https://www.google.com/accounts/o8/ud...). On the one hand, that gives me confidence that I'm doing something right, but on the other hand, the inconsistency confuses me.

return_to and trust_root are both localhost:8080, which may have something to do with it.

Here's the code I use to send the user to Yahoo! to authenticate:

    # Requires: import web, openid.store.memstore
    #           from openid.consumer.consumer import Consumer, SUCCESS
    def POST(self):
        post_data = web.input()
        if 'openid_identifier' in post_data:
            openid_identifier = post_data.get('openid_identifier')
            # A brand-new in-memory store is created on every request
            c = Consumer(session, openid.store.memstore.MemoryStore())
            auth = c.begin(openid_identifier)
            auth_url = auth.redirectURL('http://localhost:8080',
                                        return_to='http://localhost:8080/authenticate')
            raise web.seeother(auth_url)
        return post_data

The auth_url in this case is set to (formatted for easy reading):

    https://open.login.yahooapis.com/openid/op/auth?
      openid.assoc_handle=cyso3wjsjqa3ewmrpaqz3yodzqjosp1ta.4tvzumqllpafm7owci6k9bmkg4uuqz.5m.fy7wp8bwfq1er_sohwpj6gcsktxi_7bqi22t5rucmiuqbvjpgfsjc_kry2k-&
      openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&
      openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&
      openid.mode=checkid_setup&
      openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&
      openid.realm=http%3a%2f%2flocalhost%3a8080&
      openid.return_to=http%3a%2f%2flocalhost%3a8080%2fauthenticate%3fjanrain_nonce%3d2010-10-08t02%253a56%253a04zrxai

Here's the handler that looks at the return URL:

    def GET(self):
        data = web.input()
        # Another brand-new in-memory store, unrelated to the one used in POST
        c = Consumer(session, openid.store.memstore.MemoryStore())
        result = c.complete(dict(data), current_url='http://localhost:8080/authenticate')
        if result.status == SUCCESS:
            openid_identity = data.get('openid.identity')
            ...
        render = web.template.render('templates/', base='layout')
        return render.error(...)

result gets set to <openid.consumer.consumer.FailureResponse id=None message='Server denied check_authentication'>, and data (the query parameters on the return) is set to this:

    <storage {'openid.op_endpoint': u'https://open.login.yahooapis.com/openid/op/auth',
     'openid.sig': u'ychffphs2whtw9p1gpzc+toqj0k=',
     'openid.ns': u'http://specs.openid.net/auth/2.0',
     'janrain_nonce': u'2010-10-08t02:56:04zrxaiwh',
     'openid.return_to': u'http://localhost:8080/authenticate?janrain_nonce=2010-10-08t02%3a56%3a04zrxaiwh',
     'openid.pape.auth_level.nist': u'0',
     'openid.claimed_id': u'https://me.yahoo.com/a/d3eeqzawydfmtdwagb2vbevu4vimlsez#1ac56',
     'openid.mode': u'id_res',
     'openid.realm': u'http://localhost:8080',
     'openid.response_nonce': u'2010-10-08t02:55:52zrlnmed7awiagwjhfhqeqs2fxj3.nxdwcia--',
     'openid.signed': u'assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_nonce,return_to,signed,pape.auth_level.nist',
     'openid.identity': u'https://me.yahoo.com/a/d3eeqzawydfmtdwagb2vbevu4vimlsez',
     'openid.assoc_handle': u'cyso3wjsjqa3ewmrpaqz3yodzqjosp1ta.4tvzumqllpafm7owci6k9bmkg4uuqz.5m.fy7wp8bwfq1er_sohwpj6gcsktxi_7bqi22t5rucmiuqbvjpgfsjc_kry2k-'}>

That sure doesn't look like a failure response to me. Notice that openid.identity is set. And yes, that is my OpenID identity on Yahoo!.

I'm not sure where to take this from here. Any words of advice?

The consumer needs a data store to maintain state between discovery and authentication. The store I was using, openid.store.memstore.MemoryStore(), did not maintain state between requests. It only maintains state within a process -- as you'd expect from "memory" (duh). The bit I had to change is the creation of the consumer in both the GET and POST handlers.

Here's the wrong way to create the consumer:

    # BAD: MemoryStore() has a short memory -- only within the process
    c = Consumer(session, openid.store.memstore.MemoryStore())

And here's the right way to create the consumer:

    # GOOD: MySQL has a long memory -- across processes
    # Requires: from openid.store import sqlstore
    db = web.database(dbn='mysql', db='somedb', user='someuser', pw='')
    conn = db._db_cursor().connection
    cstore = sqlstore.MySQLStore(conn, 'openid_associations', 'openid_nonces')
    c = Consumer(session, cstore)

I suppose it helps to remember the assoc handles and nonces. I must have been stuck here for 10 hours, so I hope this helps the next guy (or gal) avoid doing the same.

This'll be the first bounty I've ever won -- my own. Woot!

Parting note: this assumes you have set up the OpenID tables in your database, which should look like this in MySQL:

    CREATE TABLE openid_nonces (
      server_url BLOB NOT NULL,
      timestamp INTEGER NOT NULL,
      salt CHAR(40) NOT NULL,
      PRIMARY KEY (server_url(255), timestamp, salt)
    ) ENGINE=InnoDB;

    CREATE TABLE openid_associations (
      server_url BLOB NOT NULL,
      handle VARCHAR(255) NOT NULL,
      secret BLOB NOT NULL,
      issued INTEGER NOT NULL,
      lifetime INTEGER NOT NULL,
      assoc_type VARCHAR(64) NOT NULL,
      PRIMARY KEY (server_url(255), handle)
    ) ENGINE=InnoDB;

Check the openid.store.sqlstore section of the documentation for the related SQL statements for your specific store.
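Why a fresh MemoryStore() per request produces exactly this error, as an added Python 3 sketch that is not part of the original answer and is not python-openid code: `ToyOP`, `complete`, `login` and the plain-dict stores are hypothetical stand-ins. It assumes the OpenID 2.0 rule (section 11.4.2) that a relying party which cannot find the association named in the response falls back to check_authentication, and that the provider refuses to verify handles belonging to shared associations.

```python
import base64, hashlib, hmac, os

SIGNED = ("assoc_handle", "identity", "mode")   # reduced field list for the sketch

def sign(secret, fields):
    # OpenID signs the key-value form ("key:value\n") of the signed fields
    kv = "".join("%s:%s\n" % (k, fields[k]) for k in SIGNED)
    return base64.b64encode(hmac.new(secret, kv.encode(), hashlib.sha1).digest()).decode()

class ToyOP:
    """Constructed provider: shared associations plus private (stateless) ones."""
    def __init__(self):
        self.shared, self.private = {}, {}

    def associate(self):
        handle, secret = os.urandom(8).hex(), os.urandom(20)
        self.shared[handle] = secret             # secret is now known to OP and RP
        return handle, secret

    def assert_identity(self, identity, handle=None):
        if handle not in self.shared:            # stateless request: OP-only secret
            handle = os.urandom(8).hex()
            self.private[handle] = os.urandom(20)
        secret = self.shared.get(handle) or self.private[handle]
        fields = {"assoc_handle": handle, "identity": identity, "mode": "id_res"}
        fields["sig"] = sign(secret, fields)
        return fields

    def check_authentication(self, fields):
        # Only private associations are verified; shared handles are refused
        secret = self.private.get(fields["assoc_handle"])
        return secret is not None and hmac.compare_digest(sign(secret, fields), fields["sig"])

def complete(op, store, fields):
    """Relying-party side: verify locally if the association is still in the store."""
    secret = store.get(fields["assoc_handle"])
    if secret is not None:
        ok = hmac.compare_digest(sign(secret, fields), fields["sig"])
        return "SUCCESS" if ok else "FAILURE: bad signature"
    if op.check_authentication(fields):          # fallback when the secret is gone
        return "SUCCESS"
    return "FAILURE: Server denied check_authentication"

def login(op, begin_store, complete_store):
    handle, secret = op.associate()              # happens during begin()
    begin_store[handle] = secret
    response = op.assert_identity("https://op.example/user", handle)
    return complete(op, complete_store, response)

def demo():
    op, persistent = ToyOP(), {}
    # First: a new store per request. Second: one store shared by both requests.
    return login(op, {}, {}), login(op, persistent, persistent)
```

The identity in the response is correct in both runs; only the relying party's ability to check the signature differs.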

