hookflash / obsolete.op-identity-provider-server-php
Open Peer Reference Identity Provider Server-side implemented in PHP
When identity-access-start is sent for identity://twitter.com/ the inner frame does nothing.
Once moved, declare dependency via http://getcomposer.org/
See: https://github.com/openpeer/op-identity-provider-client-js/issues/3
If you log in to Facebook, it completes but the window remains open and never completes. The identity-login-complete notification never fires.
Update SQL setup file with the latest database setup.
Install PHP >= 5.4 on Lockbox instance in order for hex2bin() to be possible.
After that reassign back to me, so that I can refactor accordingly.
http://docs.openpeer.org/OpenPeerProtocolSpecificationAnnexRolodex/
rolodex-credentials-get should return error code result from inner frame to outer-frame when identity provider supports rolodex but particular identity does not.
Add support from JS side to be able to upload avatars and give displayNames for the users that are about to sign-up.
Make sure SMS and SMTP configs aren't compromised by auto-deploy, just the same as for config.php. These files are in the ...app/config/special/ directory
@elagerway Where can I find the design files?
Here is identity service's behavior:
https://gist.github.com/robin-raymond/365ba504527e4dfe328c
The "name" field is returned empty because it is not set in the database. It can be set only upon sign-up on identity provider, when identity provider sends hosted-identity-update. That request is checked and works correctly.
So, the issue is most probably that JS does not send "name" to PHP service on sign-up.
Example sign-up with "displayName":
{
  "request": {
    "$domain": "provider.com",
    "$id": "abc",
    "$handler": "identity-provider",
    "$method": "sign-up",
    "identity": {
      "type": "federated",
      "identifier": "adriano",
      "passwordHash": "adjfhgqiu4rt346ruyegurfguaiy4tr4",
      "secretSalt": "hwyuig5yg5tjhsvrktyg5jgk5ygt54",
      "serverPasswordSalt": "wuiywg5tg765tiuysut6tsuygrtuue45",
      "displayName": "Adriano Maljkovic"
    }
  }
}
On wrong password scenario the JS side should be behaving as:
Login failed due to wrong password typed!
In these commits ^^ wrong DBs have been dumped. Inside the op-identity-provider-server-php project no DB but the one called 'provider_db' can be dumped. This is a public repo and can have public DBs only. Other DBs, like hf_password1_db, hf_password2_db and hf_service_db, do not belong here. They should be private and can be dumped inside the hcs-servers-java repo.
If an existing username is sent in a sign-up request, the server will respond with:
{
  "result": {
    "$domain": "provider.com",
    "$id": "abc",
    "$handler": "identity-provider",
    "$method": "sign-up",
    "$epoch": "1380547206",
    "error": {
      "reason": {
        "$id": "403",
        "message": "Identity already exists: identity of type: 'federated' with identifier: 'adi' cannot be created."
      }
    }
  }
}
Please, return this error message to client.
Scenario:
sign-up a user against identity provider (let's say federated)
delete from user where user_id=<USER_ID>
user table, but remains forever in federated table.
As a result for the login request, among other stuff, the server should return the hosting data, which consists of the hostingProof and expiry.
It should be given in this format:
"hostingData": {
  "nonce": "ghjg3y467trfyutfr67u5r345",
  "hostingProof": "bg8fi674trystgye5t897t458utseou5t8964st89s5t76",
  "hostingProofExpiry": 3744896567
}
I've been thinking that the example provider should make an "auto friends list" for the rolodex. This list should include all friends under the same app ID.
This would make a good way to easily test the application by us and others but not create a massive impossible list over time since the list is scoped just to those who share the same app ID.
What do you think?
Create a new page at /test-service that I can hit with a POST request to test the identity provider setup.
It should try to connect to mysql and maybe do some other things and then return with 200 if ok or 500 if not.
All usernames entered by a client should be normalized on JS side before being passed to any server. The normalization means to lower-case.
Robin is not same username as robin
identity://foo.com/robin
We should normalize all usernames that are case insensitive so the identity URI is stable / identical.
Signup form is still a bit glitchy on the new instance. I can make it work, but it often boots me out of the cell I'm typing in for unknown reasons.
@robin-raymond FYI
Browser visible notification seems to get sent when not needed after facebook oauth.
Notification may also be sent too early before facebook oauth.
Another notification may get sent later with the grant service when already granted. (depends on #38)
appid not being passed out through JS to servers on various requests.
After logging in again UI is stuck on "Opening login page ...".
Example: http://legacy.instances.system.hookflash.com/logs#identity-cpp-1382052405443-net.cadorn.hookflash.app1-67RlEb3zNtxxx-1384644391-e218309be1xxx
From line "unable to associate identity as already shutdown" down is relogin.
Scenario:
It looks like it is having difficulties to shutdown the socket.
ICESocket [74] waiting for sockets to shutdown, total=1 @services_ICESocket.cpp(1126) [cancel]
stack::Account [66] shutdown still waiting for RUDP socket to shutdown @stack_Account.cpp(2090) [cancel]
Provide a way to upload avatars on sign-up page.
connected issue: #44
Add support for identity://github.com
Need an environment to start working on this. (code is almost complete, need to test)
Use hostingData given by server upon login to perform hosted-secret-part-get and hosted-secret-part-set.
Once CPS gets the devtools-database-clean request, it will perform a devtools-database-clean-provider request on every provider listed in request.
Example:
{
  "request": {
    "$domain": "provider.com",
    "$id": "abc",
    "$handler": "identity",
    "$method": "devtools-database-clean-provider",
    "nonce": "",
    "hostingSecretProof": "",
    "hostingSecretProofExpires": "",
    "purpose": "",
    "appids": [
      "",
      "",
      ""
    ]
  }
}
After posting to inner frame: https://gist.github.com/cadorn/9eb4d0e2337380da5fd0
And completing facebook oauth I get redirected to my outerFrameURL but with a request appended to it: http://localhost:8081/test/stack/41-AccountFinder-Live&%7B%22result%22%3A%7B%22loginStat ...
HostingData should be returned upon login to the JS side, since it needs it for the hosted-secret-part-get/set.
https://idprovider.com/.well-known/openpeer-services-get
This request should ALWAYS be hit as a GET request. The 302 redirect that happens after this request will be sent to a different URL whereupon a POST request will be issued with the original domain.
Thus for hosting scenarios, it will hit identity provider like this as a GET (without a "request" payload):
https://idprovider.com/.well-known/openpeer-services-get
(302 redirect reply to cloud service, like hcs.io)
Whereupon a POST is issued with the full "request" payload with the domain information as "idprovider.com":
https://hcs.io/services-get
^^^ NOTE: This URL is NOT under .well-known for hcs.io since it's NOT describing the 'well-known' information for HCS's service.
This is necessary because it will be hard for developers to install PHP (or other stuff) under corporate "well-known" where scripting isn't always available.
For .well-known/openpeer-services-get under hcs.io you'd only have services described that are relevant to open peer services directly related to hcs.io exclusively (if any of those exist) and only include the entries that are relevant for hcs.io and not to any hosted service domains. If there is nothing to advertise it should return a 404.
Everything I need to do from cloning this repo to setting up the different auth strategies to testing it.
I don't think usernames should do the auto-typing correction
It's more frustrating than help. Possible to disable that from the signup / login form?
This request should be called from server side of identity provider to identity service.
It is needed for the identity service to be able to know the profile data of a user (avatars, profile, vprofile, feed, displayName).
The request should be called upon sign-up (for federated identities) and upon OAuth authentication if a new identity is being created. Also, should happen when a user changes its profile (which will not be supported for the '1st phase').
From https://github.com/openpeer/opios/issues/28:
I tracked down the problem. It was just with one Facebook account. When I first tried to sign in with it I pressed the button that said hookflash could not post on my wall. Afterwards I tried removing the app from...
https://www.facebook.com/appcenter/my
...and repeating the process. I guess there is account info on the provisioning server that is preventing a clean start.
When I registered another Facebook account and used that it worked fine.