Back to OpenID General Discussion Forum
0

How to use check_authentication parameter validation information?

A passport system is ASP, and now need to support the Yahoo account to login

I have been in accordance with the OpenID 2.0 standard to create "xrds" documents and "http://124.42.71.109/" to do a point, Yahoo is no longer prompted fraud warnings.

Here is what I do flow.

First, use the "MSXML2.ServerXMLHTTP" visit to the address below, by assochandle, and save for the cookie

CODE
https://open.login.yahooapis.com/openid/op/auth
?openid.ns=http://specs.openid.net/auth/2.0
&openid.mode=associate
&openid.assoc_type=HMAC-SHA1
&openid.session_type=no-encryption



Then, jump to the address below, for yahoo login

CODE
https://open.login.yahooapis.com/openid/op/auth
?openid.assoc_handle={on top saved cookie}
&openid.ax.mode=fetch_request
&openid.ax.required=country%2Cemail%2Cfirstname%2Clanguage%2Clastname
&openid.ax.type.country=http://axschema.org/contact/country/home
&openid.ax.type.email=http://axschema.org/contact/email
&openid.ax.type.firstname=http://axschema.org/namePerson/first
&openid.ax.type.language=http://axschema.org/pref/language
&openid.ax.type.lastname=http://axschema.org/namePerson/last
&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select
&openid.identity=http://specs.openid.net/auth/2.0/identifier_select
&openid.mode=checkid_setup
&openid.ns=http://specs.openid.net/auth/2.0
&openid.ns.ax=http://openid.net/srv/ax/1.0
&openid.ns.max_auth_age=0
&openid.ns.pape=http://specs.openid.net/extensions/pape/1.0
&openid.realm=http://124.42.71.109/
&openid.return_to=http://124.42.71.109/myyahoo.asp
&xopenid.lang.pref=tw



yahoo login is complete, jump back openid.return_to address, contains the following parameters

CODE
http://124.42.71.109/myyahoo.asp
?openid.ns=http://specs.openid.net/auth/2.0
openid.mode=id_res
&openid.return_to=http://124.42.71.109/myyahoo.asp
&openid.claimed_id=https://me.yahoo.com/a/yhqXBjNnj_4IUxC5EOyJ3zgqBvU-#7e2ec
&openid.identity=https://me.yahoo.com/a/yhqXBjNnj_4IUxC5EOyJ3zgqBvU-
&openid.assoc_handle=IzsV3HDo.1m1ylyqGrMNi5tsYObYdxvz.s648LGi0CBaonU8O3WRKZ9A
i45Vhj2sfsB7hb15_GKPHnbW6BM9e22_fnTUqZw5SzjGp5WF6kuGYo9irDnl2ybr..ZLBFk-
&openid.realm=http://124.42.71.109/
&openid.ns.ax=http://openid.net/srv/ax/1.0
&openid.ax.mode=fetch_response
&openid.ax.value.email=jearolz@yahoo.com
&openid.ax.value.language=en-US
&openid.response_nonce=2010-05-18T02:44:08Z6dhcXpCRCMfoWIZ_N2uyixxZRYAMaN1_Wg--
&openid.signed=assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_
nonce,return_to,signed,ax.value.email,ax.type.email,ax.value.language,ax.type.lan
guage,ns.ax,ax.mode,pape.auth_level.nist
&openid.op_endpoint=https://open.login.yahooapis.com/openid/op/auth
&openid.ax.type.email=http://axschema.org/contact/email
&openid.ax.type.language=http://axschema.org/pref/language
&openid.pape.auth_level.nist=0
&openid.sig=HFQ11uw20IU1nOwsiqvABx+3ftw=



No problem here, but the last step but always check information "is_valid:false"
I changed openid.mode = id_res to openid.mode = check_authentication
Then use "MSXML2.ServerXMLHTTP" visit:
CODE
https://open.login.yahooapis.com/openid/op/auth
?openid.ns=http://specs.openid.net/auth/2.0
openid.mode=check_authentication
&openid.return_to=http://124.42.71.109/myyahoo.asp
&openid.claimed_id=https://me.yahoo.com/a/yhqXBjNnj_4IUxC5EOyJ3zgqBvU-#7e2ec
&openid.identity=https://me.yahoo.com/a/yhqXBjNnj_4IUxC5EOyJ3zgqBvU-
&openid.assoc_handle=IzsV3HDo.1m1ylyqGrMNi5tsYObYdxvz.s648LGi0CBaonU8O3WRKZ9A
i45Vhj2sfsB7hb15_GKPHnbW6BM9e22_fnTUqZw5SzjGp5WF6kuGYo9irDnl2ybr..ZLBFk-
&openid.realm=http://124.42.71.109/
&openid.ns.ax=http://openid.net/srv/ax/1.0
&openid.ax.mode=fetch_response
&openid.ax.value.email=jearolz@yahoo.com
&openid.ax.value.language=en-US
&openid.response_nonce=2010-05-18T02:44:08Z6dhcXpCRCMfoWIZ_N2uyixxZRYAMaN1_Wg--
&openid.signed=assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_
nonce,return_to,signed,ax.value.email,ax.type.email,ax.value.language,ax.type.lan
guage,ns.ax,ax.mode,pape.auth_level.nist
&openid.op_endpoint=https://open.login.yahooapis.com/openid/op/auth
&openid.ax.type.email=http://axschema.org/contact/email
&openid.ax.type.language=http://axschema.org/pref/language
&openid.pape.auth_level.nist=0
&openid.sig=HFQ11uw20IU1nOwsiqvABx+3ftw=



Always get These lines:
CODE
ns: http://specs.openid.net/auth/2.0
is_valid:false



Ask, how I like to get "is_valid:rue"
Please help, thank you!
Sorry, my English ability is very low.

by
Report Abuse
2 Replies
  • Hi,

    If you want to call the Yahoo! OP endpoint to validate the assertion,
    then you shouldn't ask for association_handle in the first place.

    Please try without using any openid.assoc_handle in the first place.

    You can check Section 11.4.2.1 of the OpenID 2.0 spec
    http://openid.net/specs/openid-authenticat...ying_signatures

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    Report Abuse
    0
  • Thanks a lot, I have followed your advice changed my code to run successfully.
    PHP and ASP are running successfully.
    Thank you!
    Report Abuse
    0
Ask a Question

Recent Posts

in OpenID General Discussion