Logging in with WebFinger and OpenID
- by Ryan
I would like to apologize in advance for the ugly formatting. In order to talk about the problem, I need to be posting a bunch of URLs, but the excessive URLs and my lack of reputation makes StackOverflow think I could be a spammer. Any instance of 'ht~tp' is supposed to be 'http'. '{dot}' is supposed to be '.' and '{colon}' is supposed to be ':'. Also, my lack of reputation has prevented me from tagging my question with 'webfinger' and 'google-profiles'.
Onto my question:
I am messing around with WebFinger and trying to create a small rails app that enables a user to log in using nothing but their WebFinger account. I can succesfully finger myself, and I get back an XRD file with the following snippet:
Link rel="ht~tp://specs{dot}openid{dot}net/auth/2.0/provider" href="ht~tp://www{dot}google{dot}com/profiles/{redacted}"/
Which, to me, reads, "I have an OpenID 2.0 login at the url: ht~tp://www{dot}google{dot}com/profiles/{redacted}". But when I try to use that URL to log in, I get the following error
OpenID::DiscoveryFailure (Failed to fetch identity URL ht~tp://www{dot}google{dot}com/profiles/{redacted} : Error encountered in redirect from ht~tp://www{dot}google{dot}com/profiles/{redacted}: Error fetching /profiles/{Redacted}: Connection refused - connect(2)):
When I replace the profile URL with 'ht~tps://www{dot}google{dot}com/accounts/o8/id', the login works perfectly.
here is the code that I am using (I'm using RedFinger as a plugin, and JanRain's ruby-openid, installed without the gem)
require "openid"
require 'openid/store/filesystem.rb'
class SessionsController < ApplicationController
def new
@session = Session.new
#render a textbox requesting a webfinger address, and a submit button
end
def create
#######################
#
# Pay Attention to this section right here
#
#######################
#use given webfinger address to retrieve openid login
finger = Redfinger.finger(params[:session][:webfinger_address])
openid_url = finger.open_id.first.to_s
#openid_url is now: ht~tp://www{dot}google{dot}com/profiles/{redacted}
#Get needed info about the acquired OpenID login
file_store = OpenID::Store::Filesystem.new("./noncedir/")
consumer = OpenID::Consumer.new(session,file_store)
response = consumer.begin(openid_url) #ERROR HAPPENS HERE
#send user to OpenID login for verification
redirect_to response.redirect_url('ht~tp://localhost{colon}3000/','ht~tp://localhost{colon}3000/sessions/complete')
end
def complete
#interpret return parameters
file_store = OpenID::Store::Filesystem.new("./noncedir/")
consumer = OpenID::Consumer.new(session,file_store)
response = consumer.complete params
case response.status
when OpenID::SUCCESS
session[:openid] = response.identity_url
#redirect somehwere here
end
end
end
Is it possible for me to use the URL I received from my WebFinger to log in with OpenID?