This is some basic information I've gathered about support for Google Apps OpenID provider in Drupal. I'm not an expert on this, but since I found virtually no clear information I'm going to dump what I found here.
If you try a url like https://www.google.com/accounts/o8/site-xrds?hd=example.com in Drupal, you will be routed to the Google Apps account. You can log in and authorize to share information. However, when you get back to the Drupal you get "OpenID login failed". Looking at the code in openid_complete(), openid.module simply fails to find the response components and fails. I debugged the data in the response and a screenshot of this data is attached.
So as far as I can tell, some additional stuff is needed for Drupal to do this. I found a comment by Heine and this led me to an informative page about OpenID discovery. This in turn led me to this test form where I was able to confirm that Google Apps provides OpenID for both Standard and Premier accounts.
So that's about as far as I got before giving up. :)
| Attachment | Size |
|---|---|
| google-apps-response.png | 225.2 KB |
Comments
Solution...
Is this module a possible solution?
http://drupal.org/project/openid_client_ax
I don't think so, it is for
I don't think so, it is for AX attribute exchange.
But most of its functionality was moved to Drupal 7 OpenID core module, so it will not be probably ported to D7. Are you using D7 right? See this issue: http://drupal.org/node/752672
I tested it with D6 for good
I tested it with D6 for good measure, but it didn't "just work", so too surprising. The reason I suspected openid_client_ax was because there are many references to AX in the discovery mechanism that google uses.
XRDS Simple?
This might be the step forward: http://drupal.org/project/xrds_simple - but this is only API, you need to define service in own module by implementing hook_xrds().
I'm now working on integration with http://mojeid.cz and I also found that OpenID support in D6 is VERY limited. It seems that nobody is using OpenID seriously...
thanks for the info
Thanks for the info, I appreciate gathering any insight into this.
I tend to agree, in D6 I found re-using the openid components difficult, the way it's so tied into the drupal login form and so on. It's probably a symptom of it being rushed into core without spending time in contrib. It would be nice to help with this but honestly I find much of the spec a bit opaque!
Does this mean openid is simply a failed idea?
Anyone know anything more about this? I am a new Drupal admin, having just spent a few days figuring out how to set my Drupal 6.20 system up (old versions since I am trying CiviCRM). I am (was) also not a user of OpenID... and am wondering if that effort has just been given up in the world. I followed the drupal login module's link to link to http://openid.net, which told I could use my "Google Profile URL", which was not so: Google told me I had that set up as "http://www.google.com/profiles/forusCSM" and that failed in Drupal openid as invalid ("Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly"). Then, when I search Google for "openid google" I find a page that reports "You can use your Google Account to log into any site that supports OpenID! Just enter "http://openid-provider.appspot.com/XXX" as your OpenID URL" (contradicting http://openid.net), where "XXX" is an email address I registered with Google. However, that fails with "OpenID login failed" (As this post reports) despite the fact when I return to http://openid-provider.appspot.com it shows "confirmed" authentications matching my "openid-provider.appspot.com" logins I tried with Drupal openid that failed.
If I can't do this, having been a computer programmer for about 25 years now, how well is this whole thing going to work for "civi" type users? I guess from the thread so far it is not; so why it is in the release a pre-distributed module I can just turn on if it doesn't even work with God? Shame since it seems that the it works enough that the protocol reached out and was authenticated... but then it just failed quietly somewhere else.
Any comments and/or help would be appreciated.
Thanks,
Cris
I believe it works with a
I believe it works with a normal @gmail address. But, as I said, it doesn't work with Google Apps account which is based on a next-generation OpenID spec that is still unfinished.
Personally, the debate on whether OpenID is still relevant or not bores me. We just need someone smarter than me to make it work with Drupal!
Still having what appears to be same problem
It's September 11, 2013 and I just ran into what appears to be the same problem that sime described. (I am logged into Drupal as an administrator and I am trying to add an OpenId to another user.)
To begin with, I successfully tested my OpenId with the test form that sime suggested (http://www.puffypoodles.com/). For my OpenId I provided the URL for my Google+ profile page (as is suggested at http://openid.net/get-an-openid/ and http://webapps.stackexchange.com/questions/18899/how-do-i-figure-out-my-...).
The PuffyPoodles test form confirmed that it received my email address back through "AX Fetch Email Response". So, as long as the Drupal OpenId module works similarly to the PuffyPoodles test form then I think the Drupal OpenId module should be working? However, the module keeps giving me the error "OpenID login failed" or no message at all but in any case, it isn't working.
To help debug, I put some watchdog(...) function calls in the openid.module file code's function "openid_complete(...)". Upon testing, I never saw the execution get past the if statement that checks whether $response['openid.mode'] is set. Apparently it never got set in my tests.
Based on https://drupal.org/node/1078476, it looks like I'm not the only person who has tried to debug this code. That thread has some patches for logging additional information. I did not try any of them because I don't know (yet) how to install such a patch.
*Update: I finally determined that a setting by HostGator was the problem. https://groups.drupal.org/node/315888