Extension talk:OpenID

Hi, nice extension, a few q's:

inline answered by Wikinaut 05:45, 25 October 2011 (UTC)

1. How does an openid-enabled wiki mix with a shared user table implemented using $wgSharedDB?

   I think, there are no problems, as long as userids are unique. I assume, that userids are unique in each database, i.e. each Wiki. See the database table skeleton (url next point)

2. What is stored in the user table by this extension when the user is first created?

   the MediaWiki userid of an account x, the registration timestamp when the OpenID registration took place, or when the OpenID identity was added to that account, the OpenID (Url). Remark: there can be many of such rows linked to a single account x - if the user has added more than one OpenID. See http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/OpenID/patches/openid_table.sql?view=markup . This is prepared for shared databases, as far as I can see.

3. Any idea how this extension interacts with ConfirmAccount, or, any suggestions if I want to record additional fields in the user table?

   I do not think that you need to modify anything. The only link the OpenID extension relies on is the standard MediaWiki userid given by MediaWiki core when an account was opened. OpenID creates its own table, and does not modify anything else. Removing OpenID is a matter of 1) deleting the table user_openid and 2) removing the require_once( "....OpenID" ) and 3) deleting $IP/extensions/OpenID and everything below this. I will add this to the manual.

   You can try it safely and then, if you don't like it, you can disable or remove it without leaving remains in your standard MediaWiki installation.

   If you encounter problems, hopefully you don't, please first study the first-aid information form on top of this talk page.

thanks.

It's different from this one in the way it does not give you any choice : you're connected against a google apps domain, and that's it. Worked for us ! see: Extension:GoogleAppsAuthentification

I'm getting a bug after downloading a very recent version of the OpenID extension (using the link provided by you). The bug is described here.

Seems to be a curl/ssl issue?

Cheers, --Dmb 23:53, 17 May 2011 (UTC)

Is it an https:// OpenID identity you are trying? Then, in my view, most probably the certificate may be invalid, see Extension:OpenID#Logging_in_using_OpenID. Check on your server whether or not a simple "wget <OpenID-Url>" does work without problems. This also relates to last posting in the google discussion --Wikinaut 00:14, 18 May 2011 (UTC)

I have no idea. I'm clicking on the big friendly Google logo (https://www.google.com/accounts/o8/id ?). --Dmb 09:01, 19 May 2011 (UTC)

Sorry, I think you did something wrong, as this is not the way to log in to your wiki. You need to click onto the Google (or another providers') logo on your Wiki OpenID login page which is Special:OpenIDLogin (on your wiki!).

Check carefully the path which must be added (currently) in LocalSettings.php, see point 5 of the installation. --Wikinaut 14:22, 19 May 2011 (UTC)

Yeah, I tried, I know how to log in. It fails. Hence the error. More details are in that Google groups thread if you read it. I'm not asking you sign up or anything. Cheers, --Dmb 14:38, 19 May 2011 (UTC)

Anyone know how to fix this yet? I'm guessing it's a PHP thing?

Your referata Wiki does not show the version number (0.10-dev) of my OpenID for MediaWiki version 1.16.1 I have sent you. So, you cannot expect it working, especially because you run PHP 5.3.x which requires at least this patch as mentioned on the OpenID article page: "Note: php-openid 2.2.0 requires a patch for PHP > 5.3.x versions to avoid "Call-time pass-by-reference is deprecated" errors.[1]". --Wikinaut 18:05, 20 May 2011 (UTC)

Information for those users who use Extension:User Merge and Delete together with Extension:OpenID: when using both extensions, the current version of User Merge and Delete ignores to copy OpenID settings of from the first (to be merged into the second and to be deleted) to the second account, and remains of the first account hinder the second account to use them (a property of the OpenID extension). An ad-hoc solution is to manually delete the remains of the first account in the table OpenIDs:

DELETE FROM user_openid WHERE uoi_user=<first_account_userid>;

This frees the OpenID(s) which were connected to the first account; the second account user (or anyone else who's entitled) can then freshly use the former OpenIDs which were connected to their first account before merging.

I'm getting two messages using this extension in my otherwise pristine error logs. They are:

PHP Warning:  Call-time pass-by-reference has been deprecated; 
  If you would like to pass it by reference, modify the declaration of [runtime function name]().
  If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. 
  in PHP\PEAR\Auth\OpenID\AX.php on line 963 (also line 891)

and

PHP Notice:  Uninitialized string offset:  0 in includes\WebRequest.php on line 461

The second is a malformed URI - but I don't know why it's getting passed that way.

The first is obviously in the PHP Auth\OpenID pear package.

Any ideas?

The second one. Because you are not able to access to the default $wgOpenIDConsumerStorePath and $wgOpenIDServerStorePath. Set

 $wgOpenIDConsumerStoreType = "file";
 $wgOpenIDServerStoreType = "file";

and

 $wgOpenIDConsumerStorePath
 $wgOpenIDServerStorePath

--Onecountry 16:04, 27 May 2010 (UTC)

Any help about the first annoying log-message Call-time pass-by-reference...? Ankostis 16:45, 22 November 2010 (UTC)

--Wikinaut 21:07, 17 May 2011 (UTC)

I'm not even sure where to begin here. I downloaded the extension, uploaded it to my server, to ../extensions/ untarred the tarball. I edited LocalSettings.php to include

require_once("$IP/extensions/OpenID/OpenID.setup.php");

Then, ran php maintenance/update.php, which gives this error:

Content-type: text/html

<br />
<b>Parse error</b>:  syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' 
in <b>/home/content/29/5132729/html/gpbp/maintenance/commandLine.inc</b> on line <b>13</b><br />

Reloading the wiki, any page, gave only this:

Warning: require_once(Auth/Yadis/XRI.php) [function.require-once]: failed to open stream: No such file or directory in 
/home/content/29/5132729/html/gpbp/extensions/OpenID/SpecialOpenIDLogin.body.php on line 28

Fatal error: require_once() [function.require]: Failed opening required 'Auth/Yadis/XRI.php' 
(include_path='/home/content/29/5132729/html/gpbp:/home/content/29/5132729/html/gpbp/includes:/home/content/29/5132729/html/gpbp/languages:.:/usr/local/php5/lib/php') 
in /home/content/29/5132729/html/gpbp/extensions/OpenID/SpecialOpenIDLogin.body.php on line 28

I came here and read something about uploading the "Auth" folder from phph4-openid to my toplevel dir, so I did that, re-ran update.php, got the same error, and, when reloading the wiki, got:

Warning: require_once(Auth/OpenID/BigMath.php) [function.require-once]: failed to open stream: 
No such file or directory in /home/content/29/5132729/html/gpbp/Auth/OpenID.php on line 30

Fatal error: require_once() [function.require]: Failed opening required 'Auth/OpenID/BigMath.php' 
(include_path='/home/content/29/5132729/html/gpbp:/home/content/29/5132729/html/gpbp/includes:/home/content/29/5132729/html/gpbp/languages:.:/usr/local/php5/lib/php') 
in /home/content/29/5132729/html/gpbp/Auth/OpenID.php on line 30

I read the readme for the php4-openid extension, so, from that, determined it would be useful to run ../extensions/openidblahblah/examples/detect.php. Mostly that seemed to indicate that everything was as it should, except, it said libcurl was installed, but it failed to fetch a url, and, it says,

Your web server seems to corrupt queries.  Received , expected a=%26b.
Check for mod_encoding.

The server is running CentOS, and has php4.4. My wiki is MediaWiki 1.16.2. The host is godaddy.com.

The site is goodpayer-badpayer.info

I have ssh access, but not root.

--Tonybaldwin 03:49, 27 March 2011 (UTC)

It looks, as if you have not correctly set up your extensions/OpenID subdirectories. Try to redo following the installation instructions exactly. --Wikinaut 22:53, 27 March 2011 (UTC)

Okay, it does seem I missed one tiny detail in the installation instructions (adding $IP/extensions/OpenID/" to the $path). Also, it seems I had failed to upload the entire Auth directory. Gftp had dumped, and only half of it was there (thus the error saying tno URINorm.php, because it was missing). Now I've gotten those ironed out, and I can actually access the Special:OpenIDLogin page, I can't get it to work. I tried with my google account and with a livejournal OpenID. I'm going to look further into the suggested configs and get back here with either, a) a report of success, or b) details of my attempts, and the errors I receive.

Still no joy. I've gone over everything. The only thing I can find that I haven't been able to resolve is that there is no gmp, but, I'm on paid hosting with no root access to the server, so there's nothing I can do about that. Running examples/detect.php seemed to indicated that, while not optimal, bcmath would suffice. I can't compile php with gmp support without root access, so this extension is completely useless to me. The error I get when trying to add an OpenID is this:

A database query syntax error has occurred. This may indicate a bug in the software. The last attempted database query was:
(SQL query hidden)
from within function "SpecialOpenID::getUser". Database returned error "1146: Table 'goo1108409062663.mw_user_openid' doesn't exist (goo1108409062663.db.5132729.hostedresource.com)".

You apparently did not or could not run point 7 (run update.php) of installation instructions after having everything installed in the subdirectories and after having LocalSettings.php modified; this step adds new tables to the database needed for OpenID extension. But when not having GMP, the extension will not work, as indicated by you. If you can install a new Wiki, than perhaps an alternative is to install everything (all files) in place, and then to run the a new wiki installation, which will (should) update the database tables, too. --Wikinaut 05:31, 28 March 2011 (UTC)

Nothing I did in LocalSettings.php helped with this error. Editing OpenID.setup.php and adding my trust_root URL to $wgTrustRoot did the trick.

OpenID.setup.php

# Defines the trust root for this server
# If null, we make a guess
# $wgTrustRoot = null;
$wgTrustRoot = "http://www.example.com/wiki/";

--Beagle 17:18, 17 May 2008 (UTC)

Hmmm... that's odd. Just for fun, I commented the $wgTrustRoot entry in OpenID.setup.php and now it appears that the entry in LocalSettings.php is being read.

Yes, by George, it is reading LocalSettings.php now because if I comment the $wqTrustRoot entry there it fails. You can like see for yourself at tioat dot net slash wiki if ya don't believe me. I'm just so thrilled it works now. ;) --Beagle 09:47, 18 May 2008 (UTC)

I can confirm this works. I had the same problem as you, then I commented the line "$wgTrustRoot = null;" in OpenID.setup.php and it works fine now. --Figure002 20:06, 20 April 2010 (UTC)

I figured out the problem here. The default OpenID variables are created when OpenID.setup.php is included by the require_once line. By placing the variables in LocalSettings.php before OpenID.setup.php is included, the variables will be overwritten with the default values. So the solution, is to place the OpenID variables after the require_once line (I added a note about this in the article). --Figure002 20:39, 20 April 2010 (UTC)

Line 265:

if ( array_key_exists( 'http://axschema.org/namePerson/first', $ax ) || array_key_exists( 'http://axschema.org/namePerson/last', $ax ) )

should be

if ( isset($ax) && ( array_key_exists( 'http://axschema.org/namePerson/first', $ax ) || array_key_exists( 'http://axschema.org/namePerson/last', $ax ) ) ) {

to prevent warning message on line 265 when logging in using an OpenID for the first time and $ax is null.

I keep having this error: Verification of the OpenID URL failed. Error message: "Bad signature" on my mediawiki.

Prerequisites are confirmed, update ran, installation instructions followed, GMP is OK. Running on debian. Restarted the webserver, configged $wgTrustRoot. So how to deal with this message?

Config: require_once("$IP/extensions/OpenID/OpenID.setup.php"); $path = "$IP/extensions/OpenID"; set_include_path(get_include_path() . PATH_SEPARATOR . $path); $wgOpenIDShowProviderIcons = true; $wgTrustRoot = "http://www.website.com/";

The LoginForm from SpecialLogin has many desirable features that help manage new users - most of which are bypassed by the SpecialOpenIDLogin::createUser, including several notifications and other useful hooks. Has the concept of integrating these two functionalities been considered - I might be willing to do it, but don't want to waste my time if someone has already taken a shot at it. --jdpond 01:18, 23 November 2009 (UTC)

Since I spent the better part of a weekend getting this extension up and running on Windows IIS MySQ PHP (WIMP), thought I would document to minimize others' future misfortune.

Platform was MW 1.16 with php-openid-2.x.x-snapshot library

• First, you really want to use PEAR if you can. If you have not loaded it into your PHP environment, find instructions and do so.
• Download and extract the current php-openid package (I used devl version, 2.x.x-snapshot, but you may want to use the most current stable release) from here
• To integrate php-openid into your PHP environment, copy the extracted "auth" dir (and all subdirs) into your PEAR directory (default is C:\Program Files\PHP\PEAR. Hopefully in the future there will be a PEAR package for Windows that will do this for us, but for now, this works.
• You will need to add/enable several PHP extensions using PEAR via the following instructions executed from the command line:

C:\Program Files\PHP>pear install PHPUnit
C:\Program Files\PHP>pear install HTML_Common

• You will also need to manually add several extensions. First check to make sure these extensions exist in you PHP environment (they are usually found in the C:\Program Files\PHP\ext directory by editing the php.ini file and adding the following (if they are not already there):

[gmp]
extension=php_gmp.dll
 
[OpenSSL]
extension=php_openssl.dll
 
# The following are not required for current version, but will be required if MS LiveID is supported in the future:
 
[PHP_MHASH]
extension=php_mhash.dll
 
[PHP_DBA]
extension=php_dba.dll

• I had to manually add the new table and index using the MySQL query tool and using the edited commands from openid_table.sql.
• If you are using windows, you need to add a configuration definition before you activate OpenID otherwise you'll get an error about having an undefined random source:

define('Auth_OpenID_RAND_SOURCE', null);
require_once( "$IP/extensions/OpenID/OpenID.setup.php" );

Special Note:
I spent the majority of the time trying to figure out why I got the following error message:

"An error occurred during verification of the OpenID URL"

It turns out, it was because I had not enabled PHP OpenSSL extensions on that server.

Hope this helps --jdpond 01:18, 23 November 2009 (UTC)

I am currently running a clamshell openid server on ____/openid my wiki is at ____/w/Main_Page or ____/Wiki:Main_Page when i try to convert my current login "Lenary" to my OpenID on the same server, it gives me this error: "Verification of the OpenID URL failed. Error message: "Not in requested trust domain:____"" with a link. when i click this link, another error comes up: "Invalid openid.mode '<No mode set>'". i have tried changing the $wgTrustRoot to both of the above addresses, but neither work. $wgOpenIDConsumerDenyByDefault = false; me and a friend are working on rectifying this, but nothing is working. The /Auth from the library you asked for a prerequisite is at ____/w/Auth as well as /usr/share/php5 and /usr/?bin?/php5 (i'm not sure of the last one) i have no clue what to do now. I have tried all 3 addresses clamshell lets you use, ____/openid/clamshell.php?u=### ___/openid/?u=### ___/openid/### (sorry, i have obscured all addresses for security... ____ is the server domain name, ### is my clamshell username)

i have just also copied /Auth to ____/w/extensions/OpenID

Hi Anonymous. You shouldn't need to do this last step, but rather place Auth in $IP/includes, since it'll be automatically included in the include_path. Regarding the error you are getting, it's probably related with $wgTrustRoot. Try to set it to a value equal to the start of your wiki URL, including the port, if you're using other port than 80. It took me some time to figure that out. I'm using it with: ClamShell 0.6.7 and MediaWiki 1.12.0 (had to upgrade from 1.10 to support the i18n new stuff). Thanks to Evan Prodromou for the great work. Nuno Tavares 00:17, 3 May 2008 (UTC)

would that route be something like http://example.com/Wiki: (where http://example.com/Wiki:Main_Page was the main page, but http://example.com/w/ was the actual dir of the wiki? thanks for the help so far Nuno

http://example.com/ should be enough, I believe. Nuno Tavares 21:28, 5 May 2008 (UTC)

this would be a solution http://ioni2.com/2009/wordpress-openid-login-failed-invalid-openid-mode-no-mode-set-solved-for-both-wordpress-and-drupal/