I'm trying to implement Google's OpenID+OAuth protocol, and it doesn't work when openid.realm contains a wildcard:
openid.realm: http://*.example.com
openid.ns.oauth = http://specs.openid.net/extensions/oauth/1.0
openid.oauth.consumer = www.example.com
openid.oauth.scope = https://www.googleapis.com/auth/userinfo.profile
The OpenID process works as expected, but the OAuth extension is silently ignored (no request_token in the response; no error either).
As per the documentation this seemed supported:
Use the automated interface to register your domain, keeping in mind that the registered domain must be consistent with the realm parameter being used with OpenID. For example, the domain "www.somedomain.com" is consistent with a realm of "http://*.somedomain.com".
It works with a realm of http://www.example.com (the callback receives a request_token parameter); however, I can't change the realm since this would prevent existing users from signing in again.
What am I doing wrong?
http://www.example.com and openid.oauth.consumer to www.example.com, the callback receives a request_token as expected. When setting the realm to http://*.example.com and the consumer to either www.example.com or example.com, the callback doesn't receive a request_token (but the openid process succeeds). – Arnaud Le Blanc