2

I am messing around with WebFinger and trying to create a small Rails app that enables a user to log in using nothing but their WebFinger account. I can successfully finger myself, and I get back an XRD file with the following snippet:

<Link rel="http://specs.openid.net/auth/2.0/provider" href="http://www.google.com/profiles/{redacted}"/>

Which, to me, reads, "I have an OpenID 2.0 login at the URL: http://www.google.com/profiles/{redacted}". But when I try to use that URL to log in, I get the following error:

OpenID::DiscoveryFailure (Failed to fetch identity URL http://www.google.com/profiles/{redacted} : Error encountered in redirect from http://www.google.com/profiles/{redacted}: Error fetching /profiles/{Redacted}: Connection refused - connect(2)):

When I replace the profile URL with 'https://www.google.com/accounts/o8/id', the login works perfectly.

Here is the code that I am using (I'm using RedFinger as a plugin, and JanRain's ruby-openid, installed without the gem):

require "openid"
require 'openid/store/filesystem.rb'

class SessionsController < ApplicationController
  def new
    @session = Session.new
    #render a textbox requesting a webfinger address, and a submit button
  end

  def create
#######################
#
#  Pay Attention to this section right here
#
#######################
    #use given webfinger address to retrieve openid login
    finger = Redfinger.finger(params[:session][:webfinger_address])
    openid_url = finger.open_id.first.to_s
    #openid_url is now: http://www.google.com/profiles/{redacted}

    #Get needed info about the acquired OpenID login
    file_store = OpenID::Store::Filesystem.new("./noncedir/")
    consumer = OpenID::Consumer.new(session,file_store)
    response = consumer.begin(openid_url)  #ERROR HAPPENS HERE

    #send user to OpenID login for verification
    redirect_to response.redirect_url('http://localhost:3000/','http://localhost:3000/sessions/complete')
  end

  def complete
    #interpret return parameters
    file_store = OpenID::Store::Filesystem.new("./noncedir/")
    consumer = OpenID::Consumer.new(session,file_store)
    response = consumer.complete params
    case response.status
    when OpenID::SUCCESS
      session[:openid] = response.identity_url
      #redirect somewhere here
    end
  end
end

Is it possible for me to use the URL I received from my WebFinger to log in with OpenID?

cweiske
Ryan

1 Answer

2

Yes, absolutely. Though I haven't released the source code (yet), you can test this out on webfinger.org. The implementation is basically as you describe. I'm not sure why your login example isn't working, unfortunately.

  • haha, that's where I had been testing things out :) Now I just need to figure out why the system is having problems fetching the address I give it – Ryan Apr 05 '10 at 18:22
  • Hey, when I log in on your site, it looks like I'm being redirected to https://www.google.com/accounts/o8/id. Do you know if you are redirecting there, or if it's Google re-redirecting there? – Ryan Apr 05 '10 at 22:20
  • google.com/accounts/o8/id is/was the common OpenID identifier for Google's OpenID accounts. If I remember correctly, it's the identifier that webfinger.org uses by default for GMail accounts. – Blaine Cook Apr 06 '10 at 06:49
  • When I use webfinger, it's giving me www.google.com/profiles/{my account name}. Are you just ignoring that and using https://google.com/accounts/o8/id ? – Ryan Apr 07 '10 at 00:09
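
An added example, not part of the question or answer above: the XRD comes from whatever host the WebFinger address names, so the href it advertises is untrusted input that the server will fetch once it is handed to `consumer.begin`. This sketch extracts the provider link and checks it first; the sample XRD, the example.com names and the URL policy are assumptions.

```ruby
require "rexml/document"
require "uri"
require "ipaddr"

# rel value copied from the XRD snippet in the question.
OPENID_PROVIDER_REL = "http://specs.openid.net/auth/2.0/provider"

# Constructed sample XRD (example.com names are placeholders).
SAMPLE_XRD = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
    <Subject>acct:user@example.com</Subject>
    <Link rel="http://webfinger.net/rel/profile-page" href="https://example.com/profiles/user"/>
    <Link rel="http://specs.openid.net/auth/2.0/provider" href="https://example.com/openid/user"/>
  </XRD>
XML

# Every href the XRD advertises with the OpenID 2.0 provider rel.
def openid_hrefs(xrd_xml)
  root = REXML::Document.new(xrd_xml).root
  return [] unless root
  root.elements
      .select { |e| e.name == "Link" && e.attributes["rel"] == OPENID_PROVIDER_REL }
      .map { |e| e.attributes["href"] }
      .compact
rescue REXML::ParseException
  []
end

# Hypothetical policy (an assumption, not an OpenID requirement): https only,
# no userinfo, no localhost, no loopback/private/link-local IP literals.
def safe_openid_url?(url)
  uri = URI.parse(url)
  return false unless uri.is_a?(URI::HTTPS) && uri.host && uri.userinfo.nil?
  return false if uri.host.downcase == "localhost"
  ip = IPAddr.new(uri.host.delete("[]")) rescue nil
  ip.nil? || !(ip.loopback? || ip.private? || ip.link_local?)
rescue URI::InvalidURIError
  false
end

# First advertised provider URL that passes the policy, or nil.
def discover_openid_url(xrd_xml)
  openid_hrefs(xrd_xml).find { |u| safe_openid_url?(u) }
end
```

In the controller from the question, the result of `discover_openid_url` would take the place of `finger.open_id.first.to_s`, with a `nil` result treated as a failed login.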