Beginner GITkit Questions


Timothy Washington

Dec 11, 2011, 3:14:55 PM
to google-iden...@googlegroups.com
Hi all,

I followed the initial steps here, for using Google's GITkit implementation of an 'Account Chooser'.

But I still have a few questions, as I don't quite know how to handle the entire data flow. 


A) don't quite understand how ID Provider authentication fits into my data model 
    - when implementing the callbackURL, what data should I expect, and how's that 
        session state managed by GITkit (and all Account Choosers) 

B) Is there a way to set up the 'callbackURL' for development? 
    - the identity provider would need a URL that it can redirect back to 

C) How can the GITkit / Account Chooser workflow let my users register an account that's native to my app? 


Thanks in advance
Tim 

Jinhui Du

Dec 12, 2011, 10:05:33 AM
to google-iden...@googlegroups.com
Please find the reply inlined.

On Mon, Dec 12, 2011 at 4:14 AM, Timothy Washington <twas...@gmail.com> wrote:
> Hi all,
>
> I followed the initial steps here, for using Google's GITkit implementation of an 'Account Chooser'.
>
> But I still have a few questions, as I don't quite know how to handle the entire data flow.
>
> A) don't quite understand how ID Provider authentication fits into my data model
>     - when implementing the callbackURL, what data should I expect, and how's that
>         session state managed by GITkit (and all Account Choosers)

The IDP will redirect the user's browser to the callbackURL after the user logs in to the IDP and approves or denies the account info share request.
The IDP may return an HTTP 302 code or use a form POST. The URL param or the post body contains the user info. The callback page needs to handle both the GET and POST requests. As you can see in the source code of the client library, the library directly sends the data to the "verifyAssertion" API to parse and verify the info. The widget uses HTML5 localStorage or the cookie to store the account info, e.g. email, display name and the profile picture URL, on the client side. The login session state is handled on the RP server side. You can easily find the related code in the client library.

> B) Is there a way to set up the 'callbackURL' for development?
>     - the identity provider would need a URL that it can redirect back to

You can set it to a local address, e.g. http://localhost/callback . It works for most of the providers. Windows Live ID doesn't allow registering a local address as the callback address.

> C) How can the GITkit / Account Chooser workflow let my users register an account that's native to my app?

There is a config param "signupUrl". If the widget finds the email is not registered on the RP server it will redirect the user to that page.

> Thanks in advance
> Tim


Timothy Washington

Dec 12, 2011, 10:07:58 AM
to google-iden...@googlegroups.com
Ahh, I see I see. 

Thanks for the feedback. 

Tim 

Timothy Washington

Dec 16, 2011, 12:41:36 AM
to google-iden...@googlegroups.com
I call HTTP POST to "https://www.googleapis.com/identitytoolkit/v1/relyingparty/verifyAssertion?key=<my-key>", with a body of "{:body (json/json-str (:params req)) }". 


But keep getting back a 503 error: 

slingshot.Stone: clj-http: status 503

client.clj:36 clj-http.client/wrap-exceptions[fn]
client.clj:152 clj-http.client/wrap-basic-auth[fn]
client.clj:110 clj-http.client/wrap-accept[fn]
client.clj:122 clj-http.client/wrap-accept-encoding[fn]
client.clj:101 clj-http.client/wrap-content-type[fn]
client.clj:179 clj-http.client/wrap-form-params[fn]
client.clj:167 clj-http.client/wrap-method[fn]
cookies.clj:114 clj-http.cookies/wrap-cookies[fn]
client.clj:244 clj-http.client/post



I'm using Clojure's Compojure and clj-http to send out a POST request to verifyAssertion. Any leads on an error here? 


Thanks 
Tim 



Timothy Washington

Dec 16, 2011, 12:12:53 PM
to google-iden...@googlegroups.com
I've actually gotten a bit further. But still get this error, after calling verifyAssertion: 

presp: {"error":{"message":"Backend Error","data":[{"message":"Backend Error","reason":"backendError","domain":"global"}],"code":-32099}}


Tim 

Warren Strange

Dec 17, 2011, 11:52:04 PM
to google-iden...@googlegroups.com

Tim

I have GIT working with Clojure/Noir

Most of the relevant code is here:


Hope this helps

Warren

Timothy Washington

Dec 18, 2011, 11:20:34 PM
to google-iden...@googlegroups.com
Thanks for your feedback on this Warren. 

Could I possibly trouble you to see what your POST body looks like. I make a very similar call using the 'clj-http.client' as well. 

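(require '[clj-http.client :as client])

;; verifyAssertion endpoint; <my-key> stands for the API key
(client/post "https://www.googleapis.com/identitytoolkit/v1/relyingparty/verifyAssertion?key=<my-key>"
   { :body final-body
     :content-type :json
   })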


Where final-body looks like the following json string: 

{"requestUri":"\/","postBody":"openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.ext1.type.attr9=http%3A%2F%2Faxschema.org%2Fpref%2Flanguage&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawlhyFEoKRJvO3CfmB6avwLoBCn2TB_6t7w&openid.assoc_handle=AMlYA9XasWhGNHfuGRhqyl9QTF5f25LakZjGSbnM_vjn_dcB
zzc50BTo&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ext1%2Cext1.mode%2Cext1.type.attr3%2Cext1.value.attr3%2Cext1.type.auto2%2Cext1.value.auto2%2Cext1.type.attr0%2Cext1.value.attr0%2Cext1.type.attr9%2Cext1.value.attr9%2Cext1.type.attr6%2Cext1.value.attr6&gx.rp_st=AEp4C1sFgUSBiHXQPaQ1_u7c9zNBzrfap-WaNkVw49_
jHiZR4jcU7d_MC2nTOFlhXJgMa4mPYqkmJZq3rBRCbfGXWpRquZfGNnMwI29oz1LVfjonYJU3Pz5luIRK8YAciS1_GHF-xwZE&openid.mode=id_res&openid.ns.ext2=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fui%2F1.0&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&rp_target=callback&openid.ext1.mode=fetch_response&openid.ext1.value.attr9=en-GB&openid.ns=http%3A%2F%2Fspecs.openid.net
%2Fauth%2F2.0&openid.ext1.value.auto2=109724965185934037912&rp_purpose=signin&openid.ext1.value.attr3=Timothy&openid.ext1.value.attr6=Washington&openid.return_to=http%3A%2F%2F172.16.210.144%3A3000%2FcallbackGitkit%3Frp_target%3Dcallback%26rp_purpose%3Dsignin%26gx.rp_st%3DAEp4C1sFgUSBiHXQPaQ1_u7c9zNBzrfap-WaNkVw49_jHiZR4jcU7d_MC2nTOFlhXJgMa4mPYqkmJZq3rBRCbfGXWp
RquZfGNnMwI29oz1LVfjonYJU3Pz5luIRK8YAciS1_GHF-xwZE&openid.ext2.mode=popup&openid.ext1.value.attr0=twashing%40gmail.com&openid.ext1.type.attr0=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ext1.type.attr3=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.sig=4doqzB7GiHOfJlq664mYCcWLkeQ%3D&openid.ext1.type.attr6=http%3A%2F%2Faxschema.org%2FnamePerson%2F
last&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawlhyFEoKRJvO3CfmB6avwLoBCn2TB_6t7w&openid.response_nonce=2011-12-19T04%3A01%3A23Zhfy107mQ3vrxfA&openid.ext1.type.auto2=http%3A%2F%2Fwww.google.com%2Faccounts%2Fapi%2Ffederated-login%2Fid"}


But I still get that original 503 error from the service call: 

Exception: slingshot.Stone: clj-http: status 503
                   client.clj:36 clj-http.client/wrap-exceptions[fn]
                  client.clj:152 clj-http.client/wrap-basic-auth[fn]
                  client.clj:110 clj-http.client/wrap-accept[fn]
                  client.clj:122 clj-http.client/wrap-accept-encoding[fn]
                  client.clj:100 clj-http.client/wrap-content-type[fn]
                  client.clj:179 clj-http.client/wrap-form-params[fn]
                  client.clj:167 clj-http.client/wrap-method[fn]
                 cookies.clj:114 clj-http.cookies/wrap-cookies[fn]
                  client.clj:244 clj-http.client/post
                  ... 


I think the i) POST url, ii) requestUri, and iii) :content-type are fine. But I think there's something wrong with the body, even with my url-encoding the params. The HTTP 503 server error means service is unavailable. But this is supposed to be a temporary state (I'm getting this all the time). Were you able to get past this error somehow? 


Thanks in advance 
Tim 

Jinhui Du

Dec 19, 2011, 1:22:01 AM
to google-iden...@googlegroups.com
Looks like the "requestUri" is not correct, you need to put the whole callback URL to which the IDP redirects.

Timothy Washington

Dec 19, 2011, 2:00:49 AM
to google-iden...@googlegroups.com
Hoo-haa. 

I had to give the full callback URL like such: "http://172.16.210.144:3000/callbackGitkit" . Then I indeed get back a response as such: {:status 200, :headers { ... "content-type" "application/json; charset=UTF-8", ... } 

Thanks for all the help on this guys. Google needs to work on giving more informative API error messages. 


Cheers 
Tim 
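
Added example (not part of any post in this thread, and in Python rather than the thread's Clojure): building the verifyAssertion request body from a callback so that requestUri is always the absolute callback URL, for both the 302/GET and form-POST cases described above. The function name, the CALLBACK_BASE setting, appending the callback's query string, and the sample inputs are assumptions of this example; taking the base URL from configuration rather than from the request's Host header is a design choice made here.

```python
import json
from urllib.parse import urlsplit

# Assumed deployment setting: the callback URL registered with the IDP
# (the address reported as working in the thread).
CALLBACK_BASE = "http://172.16.210.144:3000/callbackGitkit"

# Constructed sample callback data (shortened, not real IDP output).
SAMPLE_QUERY = "rp_target=callback&rp_purpose=signin"
SAMPLE_FORM = "openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0"


def build_verify_assertion_body(method, query_string, raw_body,
                                callback_base=CALLBACK_BASE):
    """Return the JSON body for verifyAssertion from one callback request.

    method       -- "GET" (302 redirect from the IDP) or "POST" (form POST)
    query_string -- raw query string of the callback request, without "?"
    raw_body     -- raw form-encoded request body as received ("" for GET)
    """
    parts = urlsplit(callback_base)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        # A relative value such as "/" is the requestUri that was
        # answered with a 503 in the thread.
        raise ValueError("requestUri must be an absolute callback URL")

    method = method.upper()
    if method not in ("GET", "POST"):
        raise ValueError("callback handles only GET and POST")

    # requestUri: absolute callback URL plus whatever the IDP appended.
    request_uri = callback_base
    if query_string:
        request_uri += "?" + query_string

    # Pass the IDP's parameters through as received; the API does the
    # parsing and verification, so nothing is decoded or rebuilt here.
    post_body = raw_body if method == "POST" else ""

    return json.dumps({"requestUri": request_uri, "postBody": post_body})
```
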

Brian

Feb 16, 2015, 9:53:10 AM
to google-iden...@googlegroups.com
I'm having the same issue under V3.


I'm guessing I have the equivalent of requestUri noted earlier misconfigured, but can not find where or what the new variable name would be.

Any suggestions?

Derek Salama

Feb 17, 2015, 12:01:50 AM
to google-iden...@googlegroups.com
Hi Brian,

We haven't changed the requestUri or postBody parameters. Could you give us an example of these parameters for your POST request?

Thanks,
Derek

Brian

Feb 18, 2015, 4:14:27 PM
to google-iden...@googlegroups.com
Hi Derek,

I'm not having this problem anymore -- for unrelated reasons I decided to change the UX and config somewhat, and the 503 error seems to have vanished.

For future reference, could you verify:
  1. Is the requestUri used in the gitkit.js the same as the widgetUrl used in the button js config?
  2. Does the gitkit.js POST to the widgetUrl, and if so, what variables are posted and what should the response be?
Brian