I'm writing a Relying Party, and use the Google provider. Yadis leads me to https://www.google.com/accounts/o8/ud, I create an association, and redirect the user's browser to that URL (HTTP 307), and fill in the following query parameters:
- openid.ns:
http://specs.openid.net/auth/2.0
- openid.mode: checkid_setup
- openid.assoc_handle: value_received_from_association,
- openid.return_to:
http://my_host:and_port/?returned=1
AFAICT, I have filled out everything I'm supposed to provide, yet my user's browser gets a page from google which says "The page you requested is invalid". In what way?
Best Answer
The error was literally triggered by not including the
openid.claimed_id
andopenid.identity
parameters, which must be set to"http://specs.openid.net/auth/2.0/identifier_select"
. With these set, I get another error, which can be resolved by also filling outopenid.realm
, with the same value asopenid.return_to
.Even though I also implemented RP discovery, Google does not appear to use it.