OpenID Example failing

On 8.1.0 I am attempting to run demo_openid

This doesn’t compile as-is, so I changed pp/1 call on last line to portray_clause.

I log in using the default ‘bob’ link,
get taken to the internal server and it displays the page.

?- % [Thread httpd@8000_2] Opening http://localhost:8000/user/bob ...
% [Thread httpd@8000_2] Scanning HTML document ...
% [Thread httpd@8000_2] OpenID Server='http://annieslaptop:8000/openid/server'
% [Thread httpd@8000_2] OpenID = 'http://localhost:8000/user/bob'
% [Thread httpd@8000_2] Trusting server 'http://annieslaptop:8000/openid/server'
% [Thread httpd@8000_2] OpenID: Associating with 'http://annieslaptop:8000/openid/server'
% [Thread httpd@8000_2] Reply: 
assoc_type:HMAC-SHA256
assoc_handle:tMvocfZdkII6+1oSwgzGHjAUwvN1AXR9Q27X6anNq3Q=
expires_in:86400
session_type:DH-SHA256
dh_server_public:RjNhgES8fxvlqS+h6rfv/dP/I+ZZ+/QOnvpK8u4V/y6epuU8yAnKm361D++KHeavbm7Nyq2qDSvdf449L1/TcLRwCsvaBgggWIxyOlKYezYLHwCVQSOI2lAbuwjRVPgdkBzJQSfZa+UJLXWSUUyd9zMCOtpCEkZOAZ/17Mhoss8=
enc_mac_key:XhnzJ0e5K84B4WS8YnvXb3//KnZWXMG2qf6BbqBfBEQ=

% [Thread httpd@8000_2] Assert openid_login('http://localhost:8000/user/bob','http://localhost:8000/user/bob','http://annieslaptop:8000/openid/server','http://localhost:8000/test/allow') in 'fc92-40fb-b407-6104.annieslaptop'
% [Thread httpd@8000_2] XAttrs: _7286
% [Thread httpd@8000_2] AX: not supported

I fill in the form, with ‘hello’ in the password field, and click ‘grant’.

boom -

?- % [Thread httpd@8000_2] Granting access to [identity('http://localhost:8000/user/bob'),password(hello),trustroot('http://annieslaptop:8000/')]
% [Thread httpd@8000_2] Signed:
mode:id_res
identity:http://localhost:8000/user/bob
assoc_handle:tMvocfZdkII6+1oSwgzGHjAUwvN1AXR9Q27X6anNq3Q=
return_to:http://annieslaptop:8000/openid/authenticate

Signature: [37,133,54,46,240,211,6,245,92,129,90,112,108,20,239,189,7,190,234,164,183,23,50,212,236,63,150,66,131,171,104,100]
% [Thread httpd@8000_4] Mode=id_res, validating response
% [Thread httpd@8000_4] OpenID: Lookup association with handle 'tMvocfZdkII6+1oSwgzGHjAUwvN1AXR9Q27X6anNq3Q='
% [Thread httpd@8000_4] Signed:
mode:id_res
identity:http://localhost:8000/user/bob
assoc_handle:tMvocfZdkII6+1oSwgzGHjAUwvN1AXR9Q27X6anNq3Q=
return_to:http://annieslaptop:8000/openid/authenticate

Signature: [37,133,54,46,240,211,6,245,92,129,90,112,108,20,239,189,7,190,234,164,183,23,50,212,236,63,150,66,131,171,104,100]
% [Thread httpd@8000_4] Form: ['openid.mode'=id_res,'openid.identity'='http://localhost:8000/user/bob','openid.assoc_handle'='tMvocfZdkII6+1oSwgzGHjAUwvN1AXR9Q27X6anNq3Q=','openid.return_to'='http://annieslaptop:8000/openid/authenticate','openid.signed'='mode,identity,assoc_handle,return_to','openid.sig'='JYU2LvDTBvVcgVpwbBTvvQe+6qS3FzLU7D+WQoOraGQ=']
% [Thread httpd@8000_4] AX: []
% [Thread httpd@8000_4] No openid_login/4 term in session '118a-9815-8467-eb95.annieslaptop'
% [Thread httpd@8000_4] GET /openid/authenticate: [500] goal unexpectedly failed: http_openid:openid_authenticate([session('118a-9815-8467-eb95.annieslaptop'),protocol(http),peer(ip(127,0,0,1)),pool(client('httpd@8000',user:http_dispatch,<stream>(0x7f9eec015260),<stream>(0x7f9eec010e20))),input(<stream>(0x7f9eec015260)),method(get),request_uri('/openid/authenticate?openid.mode=id_res&openid.identity=http%3A//localhost%3A8000/user/bob&openid.assoc_handle=tMvocfZdkII6%2B1oSwgzGHjAUwvN1AXR9Q27X6anNq3Q%3D&openid.return_to=http%3A//annieslaptop%3A8000/openid/authenticate&openid.signed=mode,identity,assoc_handle,return_to&openid.sig=JYU2LvDTBvVcgVpwbBTvvQe%2B6qS3FzLU7D%2BWQoOraGQ%3D'),path('/openid/authenticate'),search(['openid.mode'=id_res,'openid.identity'='http://localhost:8000/user/bob','openid.assoc_handle'='tMvocfZdkII6+1oSwgzGHjAUwvN1AXR9Q27X6anNq3Q=','openid.return_to'='http://annieslaptop:8000/openid/authenticate','openid.signed'='mode,identity,assoc_handle,return_to','openid.sig'='JYU2LvDTBvVcgVpwbBTvvQe+6qS3FzLU7D+WQoOraGQ=']),http_version(1-1),host(annieslaptop),port(8000),user_agent('Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0'),accept([media(text/html,[],1.0,[]),media(application/'xhtml+xml',[],1.0,[]),media(application/xml,[],0.9,[]),media(_1288/_1290,[],0.8,[])]),accept_language('en-US,en;q=0.5'),accept_encoding('gzip, deflate'),referer('http://annieslaptop:8000/openid/server?openid.ns=http%3A//specs.openid.net/auth/2.0&openid.mode=checkid_setup&openid.identity=http%3A//localhost%3A8000/user/bob&openid.claimed_id=http%3A//localhost%3A8000/user/bob&openid.assoc_handle=tMvocfZdkII6%2B1oSwgzGHjAUwvN1AXR9Q27X6anNq3Q%3D&openid.return_to=http%3A//annieslaptop%3A8000/openid/authenticate&openid.realm=http%3A//annieslaptop%3A8000/'),connection('keep-alive'),cookie([swipl_session='118a-9815-8467-eb95.annieslaptop']),upgrade_insecure_requests('1')])
In:
  [19] throw(error(goal_failed(...),_1412))
  [18] http_dispatch:call_action(http_openid:openid_authenticate,[session('118a-9815-8467-eb95.annieslaptop'),...|...]) at /home/anniepoo/.swivm/versions/8.1.0/lib/swipl/library/http/http_dispatch.pl:935
  [16] time:run_alarm_goal('<garbage_collected>','<garbage_collected>') at /home/anniepoo/.swivm/versions/8.1.0/lib/swipl/library/time.pl:145
  [15] setup_call_catcher_cleanup(time:alarm(300,...,...,...),time:run_alarm_goal(...,...),_1530,time:remove_alarm_notrace(...)) at /home/anniepoo/.swivm/versions/8.1.0/lib/swipl/boot/init.pl:466
   [8] httpd_wrapper:call_handler('<garbage_collected>',11,'<garbage_collected>') at /home/anniepoo/.swivm/versions/8.1.0/lib/swipl/library/http/http_wrapper.pl:320
   [7] catch(httpd_wrapper:call_handler(...,11,...),error(goal_failed(...),context(_1660,_1662)),httpd_wrapper:true) at /home/anniepoo/.swivm/versions/8.1.0/lib/swipl/boot/init.pl:384
   [6] httpd_wrapper:handler_with_output_to(user:http_dispatch,11,'<garbage_collected>',current_output,error(goal_failed(...),context(_1726,_1728))) at /home/anniepoo/.swivm/versions/8.1.0/lib/swipl/library/http/http_wrapper.pl:297
   [5] httpd_wrapper:handler_with_output_to('<garbage_collected>',11,'<garbage_collected>',<stream>(0x7f9eec011a90),error(goal_failed(...),context(_1780,_1782))) at /home/anniepoo/.swivm/versions/8.1.0/lib/swipl/library/http/http_wrapper.pl:309

Sorry to not have done more, feel like I’m saying ‘fix my code’, but unsure what I’m doing wrong - I’m guessing this is bitrot.

I guess it is bitrot. My stack is a bit deep at the moment though. I have the impression that good old plain OpenID is dead anyway and all is now about oauth2/OpenIDConnect. OpenIDConnect has very little to do with old OpenID. Do you still see a role of the good old OpenID?

OK, if it’s dead I won’t bother.
I’m just beginning to learn about these authorization technologies.

I’m just trying to provide a reasonable 3rd party identity verification capacity for pack(identity).

We provide OpenIDConnect in the form of google_client.pl. I think it’s outside of scope for me to provide more than the underlying libs support, so for now I’ll only support Google for OpenIDConnect login.

I’m still relying on the OpenID client part for loggign in with Yahoo accounts to my application. Once the oauth support in the official distribution is generic enough to support more then just google I would start to use it also with other id providers.

I think I didn’t got the OpenID server part/demo to work when I tried, but the client part works fine. You may find the communication to that topic from 2016 here:
http://www.swi-prolog.org/forum?place=topic%2Fswi-prolog%2FgLpMsidbBrI%2Fdiscussion
Jan, you commented this time, that the client and server deviated by their protocol versions…but then fixed the demo…

Kind regards,
Wolfram.

The good stuff with a reasonable reusable architecture is in SWISH.