Google Groups

Re: return_to url invalidated by Google


rd Apr 30, 2012 6:48 AM
Posted in group: Google Federated Login API

Got there eventually but what a pain. Why is nothing ever simple?
Here is what I found.

1. openid spec uses object (dot) notation for single dimensional HTTP query parameter names
2. Oracle mod pl/sql expects simple names for query fields to match procedure parameter names and cannot deal with object notation even though procedure parameters can be objects.
3. Even if mod pl/sql could deal with object notation, "mode" is a reserved word.

Solution

return_to = /app/my_proc or /app/my_proc?my_param=x&...
returned by Google = /app/my_proc?openid.ns=...

procedure my_proc
 (openid_ns in varchar2
 ,openid_mode in varchar2
 ,openid_op_endpoint in varchar2
 ,openid_response_nonce in varchar2
 ,openid_return_to in varchar2
 ,openid_assoc_handle in varchar2
 ,openid_signed in varchar2
 ,openid_sig in varchar2
 ,openid_identity in varchar2
 ,openid_claimed_id in varchar2)
is...

Apache httpd.conf rewrite rules

RewriteEngine on
RewriteLog \ora\web\Oracle_WT1\instances\instance1\diagnostics\logs\OHS\ohs1\rewrite.log
RewriteLogLevel 0

# Only try and rewrite the correct url
RewriteCond %{REQUEST_URI} ^/.*?/my_proc
# Make sure the openid params are preceded by at least 1 other param to force a regular pattern
RewriteCond %{QUERY_STRING} (.*)
RewriteRule (.*) $1?x=x&%1

# 10 openid query fields but only 9 replacement variables so need 2 rules

RewriteCond %{REQUEST_URI} ^/.*?/my_proc
# Match first 5 openid query params and store query string sections to be preserved
RewriteCond %{QUERY_STRING} (.*?&)openid\.(.*?&)openid\.(.*?&)openid\.(.*?&)openid\.(.*?&)openid\.(.*)
# Rewrite first 5 query params as "openid_" instead of "openid."
RewriteRule (.*) $1?%1&openid_%2&openid_%3&openid_%4&openid_%5&openid_%6

# Repeat for second 5 openid query params
RewriteCond %{REQUEST_URI} ^/.*?/my_proc
RewriteCond %{QUERY_STRING} (.*?&)openid\.(.*?&)openid\.(.*?&)openid\.(.*?&)openid\.(.*?&)openid\.(.*)
RewriteRule (.*) $1?%1&openid_%2&openid_%3&openid_%4&openid_%5&openid_%6

RewriteCond %{REQUEST_URI} ^/.*?/my_proc
# Remove the dummy param
RewriteCond %{QUERY_STRING} x=x&(.*)
RewriteRule (.*) $1?%1

Thanks for all your help

On Wednesday, 25 April 2012 10:47:52 UTC+1, rd wrote:

The return_to url I supply to Google takes the form http://www.example.com/cloud/schema.my_return_proc?param=OPENID
This return_to url is rewritten by Google to return additional data as http://www.example.com/cloud/schema.my_return_proc?param=OPENID&openid.mode=id_res&...
My problem is that my database/web server (Oracle/mod pl/sql) sees the parameter openid.mode as an object reference so I need to provide an openid object as a parameter. However, "mode" is a reserved word so I cannot do this.
 
Can anyone suggest a work around or easy Apache config to rewrite &openid.mode=id_res as &openid_mode=id_res
 
If anyone from Google is reading this, could Google make this change and avoid the issue completely. Since Google have no way of knowing what the return_to url is to be processed by, would it not be far more sensible to stick to standard nomenclature.

On Wednesday, 25 April 2012 10:47:52 UTC+1, rd wrote:
The return_to url I supply to Google takes the form http://www.example.com/cloud/schema.my_return_proc?param=OPENID
This return_to url is rewritten by Google to return additional data as http://www.example.com/cloud/schema.my_return_proc?param=OPENID&openid.mode=id_res&...
My problem is that my database/web server (Oracle/mod pl/sql) sees the parameter openid.mode as an object reference so I need to provide an openid object as a parameter. However, "mode" is a reserved word so I cannot do this.
 
Can anyone suggest a work around or easy Apache config to rewrite &openid.mode=id_res as &openid_mode=id_res
 
If anyone from Google is reading this, could Google make this change and avoid the issue completely. Since Google have no way of knowing what the return_to url is to be processed by, would it not be far more sensible to stick to standard nomenclature.