yohcop / openid-go
OpenID consumer implementation in Go - golang
License: Other
The example code from Appendix A.4. HTML Identifier Markup doesn't work:
<link rel="openid2.provider openid.server"
href="http://www.livejournal.com/openid/server.bml"/>
My OID provider provides nickname/email, and I know it's working because GNUSocial is able to retrieve them. How do I retrieve them with openid-go?
I noticed the nonce store is time-based (1 minute lifetime) -- how about also providing a time-based discovery cache ? Am I right that the discovery cache would make changes to the OpenID URI page invisible once the discovered information is cached, at the moment ?
I've looked through, and every single fork of https://github.com/fduraffourg/go-openid including the unmaintained master has the same gaping security hole:
The majority of the openid verification is unimplemented and any openid.op_endpoint can be passed in, making the whole process pointless and trivial to bypass.
I would either remove the link from your readme, or at least make a note that every branch (as of right now) is completely insecure.
Could you add extension support for sreg?
I have implemented one for myself. I think it basically means modifying a bit of the function buildRedirectURL in redirect.go.
Running go test from the integration directory results in the following output:
MacBook-Pro:integration doug(master)$ go test
--- FAIL: TestGoogleCom (0.22s)
discovery_test.go:36: Discovery failed
discovery_test.go:39: Unexpected endpoint:
discovery_test.go:42: Unexpected localId:
discovery_test.go:45: Unexpected claimedId:
FAIL
exit status 1
FAIL github.com/yohcop/openid-go/integration 1.895s
Both the Google URLs in the test file return HTTP 404 Not Found.
$ curl -v https://www.google.com/accounts/o8/ud 2>&1|grep '< HTTP/1.1'
< HTTP/1.1 404 Not Found
$ curl -v https://www.google.com/accounts/o8/id 2>&1|grep '< HTTP/1.1'
< HTTP/1.1 404 Not Found
It appears that Google has dropped OpenID 2.0 support. Probably the solution to this is to remove Google from the integration tests.
$ go get github.com/yohcop/openid.go/src/openid
package exp/html: unrecognized import path "exp/html"
$ go version
go version go1.1.2 linux/amd64
wordpress.com exposes openid.server and openid.delegate rel links, and openid-go complains with LINK with rel=openid2.provider not found -- is there any plan to support the old version?
I've read somewhere that new wordpress.com blogs will NOT support OpenID at all, but there are many old blogs that will continue to work with the old openid version.
I added a fmt.Println("This is the endpoint: " + endpoint) into nonceStore.go inside the Accept method, but it prints empty with no value. Is this to be expected?
jchen@rousseau> go get github.com/yohcop/openid.go
stat github.com/yohcop/openid.go: no such file or directory
https://groups.google.com/forum/?fromgroups#!topic/golang-nuts/dnOK9j5Fvn4
Is it possible to rename this project to openid-go or the like?
Sorry for using your issues as a way to do this, but just wondering if you wanted to link to it from your readme or anything, I've created a package https://github.com/Gacnt/gormid so that users can easily use gorm to store their nonces / discovery caches in any type of database that gorm supports e.g. mysql/postgres/sqlite and more.
I also made a SQLX adapter: https://github.com/Gacnt/sqlxid
Using your example I got this error: "Nonce too old". What can I do?
And could you be more specific about your comment:
// For the demo, we use in-memory infinite storage nonce and discovery
// cache. In your app, do not use this as it will eat up memory and never
// free it. Use your own implementation, on a better database system.
// If you have multiple servers for example, you may need to share at least
// the nonceStore between them.
What is "own better implementation"? How do I do this? I don't quite understand the meaning of nonce and discovery cache, sorry.
Thank you for any kind of help.
At https://github.com/yohcop/openid-go/blob/master/normalizer.go#L22 if id comes in as empty string "" this panics with an index out of range instead of returning an error.
Hi,
Can you explain how to use the discovery cache. I see that the cache is not at all used, because while there is a Get in verify.go, there is no Put in the code anywhere. Am I supposed to do the Put myself?
In verify.go - control goes to and discovered is always nil
168 discovered := cache.Get(endpoint)
Then it returns from this block, but I don't see cache.Put anywhere in code.
197 if ep == endpoint {
Are we supposed to Put the discovered url at this point, or do this externally? An example will help greatly.
I am sorry if the question is unclear, and I haven't fully understood the code or protocol, so it may be my flawed understanding, apologies in advance.
Hi!
Could you please attach some license for your library? I couldn't find anything, and I'd like to know if I could use it in my projects, and under what conditions.
Thanks in advance!
Would you be willing to commit the Apache v2 as a dedicated file (eg: named 'LICENSE')? Apologies for the request, but some legal teams require this for code use.
https://github.com/yohcop/openid-go/blob/master/_example/server.go#L52-L54
I would like a detailed example here. In this case, I do not know what to define for fullurl, discoveryCache and nonceStore.