phpopenidlightopenid

Google suddenly started to return validation as false using LightOpenId


Using LightOpenID library, I managed to successfully implement OpenID in my website. However, a few days ago, it simply stopped to work when using Google as provider (it runs fine using Yahoo!). Since the day I implemented OpenID, it runned fine using any provider. I even had a few users using their Google Accounts to login. However, strangely, a few days ago Google stopped to work (while other providers still run fine), returning false on $openid->validate()

I tested using the example-google.php file with no modifications, provided by LightOpenID, but I had no luck. I also tested using different Google Accounts, no luck too. I even tested on different websites, but still no luck. Note that I am using shared host and curl is installed, running version 7.19.7

Did Google make any recent changes on it's system that is now causing this? Is there any other reason for this problem?


Solution

  • Other people are saying to enable cURL (which may be your issue), but in my case cURL was enabled.

    Some more snooping around and I found out that the request was going through request_streams() due to the following check failing in the function request (formatted for convenience):

    if (
      function_exists( 'curl_init' ) &&
      (
        !in_array( 'https', stream_get_wrappers() ) ||
        !ini_get( 'safe_mode' ) &&
        !ini_get('open_basedir' )
      )
    ) {
    

    Change it to:

    if (
      function_exists( 'curl_init' ) &&
      (
        !in_array( 'https', stream_get_wrappers() ) ||
        (
          !ini_get( 'safe_mode' ) &&
          !ini_get( 'open_basedir' )
        )
      )
    ) {
    

    Hope this helps.

    Edit: Forgot to say that I'm unsure if Google did make some change, but the fact that a lot of people using the same library having the same problem at the same time means something happened, and I can say that most people probably didn't change a thing. Google probably flicked some switch to make something more restrictive/secure.