| Project: | Google Authentication for Web Applications |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | task |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs work |
Issue Summary
The functioning of the current version only allows unregistered authentication. If a user has already registered their site with google as a web app the authentication process fails.
Use:
Call to google_auth_required() with the URL identifying the service(s) to be accessed.
Expected Results:
User is redirected to google. After signing in to their google account they are offered the option to grant access. When the user grants access google returns to the originating page and the " You have authenticated with Google." message should be displayed.
Actual Results (with registered site, no security certificate):
User is redirected to google. Google displays:
The page you have requested cannot be displayed. Another site was requesting access to your Google Account, but sent a malformed request. Please contact the site that you were trying to use when you received this message to inform them of the error. A detailed error message follows:
AuthSub target path prefix does not match the provided "next" URL.
I am working on patching this feature so assigned the request to myself. Please read on for more detail of my proposal.
Request:
Improve the functioning of this module to provide a method for registered sites to authenticate.
Proposed Additional Use Case:
1. Administrator configures site settings for google_auth
Proposed function change:
function _google_auth_next() alteration to check configuration setting for registered site. If registered we use the target path provided in the configuration settings else we assume unregistered and build the url as usual.
Proposed additional functions.
- google_auth_admin() to provide an admin configuration form for the module.
- google_auth_redirect() to provide a dummy landing page for the target path which redirects back to the originating page.
- google_auth_menu() to allow drupal to handle the above functions
| Attachment | Size |
|---|---|
| google_access.jpg | 55.95 KB |
Comments
#1
I'm going to need to dig into this a little deeper myself as I thought I had tested against registered websites. Feel free to hack away at a patch in the meantime. My primary objective is to make sure that this module will function first and foremost on the api level. We can add additional UI elements to help control some variables but will want to make sure that the module can continue to function as a pure API.
#2
RFC
This is my first ever patch submission to the drupal community so please feel free to comment or provide advice.
This patch is for google_auth.module v 1.1.2.1.
Changes Made
This patch provides a number of significant changes which I hope align with cyberswat's overall vision for this module. The changes are designed to keep the google_auth API simple.
To do this a number of hook functions have been added to support an administrative configuration form. The idea being that this module should handle the complexity of the google API.
The configuration form allows an administrator to set their domain registration status and security parameters.
In addition it provides a method for registered sites to use a single URL (mydomain.com/gauth) as a target path as required by the Google Authentication API. A menu callback is used to trigger a redirect which hands control back to the module that originally requested Google authentication.
A further change is splitting _google_auth_sub_request() into two functions. _google_auth_sub_request() and _google_auth_exchange(). The google_auth_sub_request function handles a single use token while the _google auth_exchange function provides a method to exchange a single use token for a session token.
To Do:
Complete the token exchange method for secure transactions.
Need to generate a random 64 bit unsigned number encoded as an ASCII string in decimal This still needs some work so the entire secure response has been commented out until a solution is found.
Check code for compliance to Drupal coding standards.
Thoroughly test the code out.
I have tested major sections of this code, however the current picasa module needs updated to pass the variables object. The secure transaction method has not been tested. This version is still very much in the DEV state.
Use
Website administators fill out the Google Authentication settings for their site (domain).
Dependent modules e.g. Picasa module call google_auth_required passing an object containing two parameters. These are the scope (e.g http://picasaweb.google.com/data/) and boolean session flag indicating whether a session token is required (1 - session token required, 0 - session token not required).
#3
Changing the issue settings to 6.x-1.x-dev, task needs work.
#4
Please ignore google_auth-issue432764-comment2.patch
Discovered a problem with splitting _google_auth_sub_request() into two functions which causes a redirection loop. Merged _google_auth_exchange() back into _google_auth_sub_request().
Also changed the _google_auth_handoff function to call google_auth_required when a session token is required.
Tested this patch out on a registered site with no secure requests and it appears to work well.
#5
#6
Hi.
I've copied the patch number 4 and I reveived the error:
warning: Invalid argument supplied for foreach() in /opt/lampp/htdocs/master/sites/all/modules/google_auth/google_auth.module on line 171.
Authentication with Google has failed. Please try again.
You are reading this page because:
* An error occured during the Authentication process with Google.
* The page was reached either manually or from a web site other than Google
Tnx for the answers.