python - 我无法让 OpenID 工作(openid.consumer.consumer.ProtocolError : Parameter next not in return_to URL)

Question

我在我的 Django 项目中使用 Django-Allauth。我添加了一些社交服务提供商(Facebook、谷歌)，效果非常好!

但是我在尝试使用 OpenID 提供商时遇到了问题。到目前为止，我一直在使用 Yahoo 和 AOL 对其进行测试，但都以相同的错误结束:openid.consumer.consumer.ProtocolError: Parameter next not in return_to URL。

配置

设置.py

我项目的setting.py文件的一些相关信息:

INSTALLED_APPS = [
    # Django apps
    'django.contrib.auth',
    'django.contrib.sites',
    # Allauth apps
    'allauth',
    'allauth.account',
    'allauth.socialaccount',
    'allauth.socialaccount.providers.openid',
    'allauth.socialaccount.providers.facebook',
    'allauth.socialaccount.providers.google',
    # Project apps
    'frontoffice.apps.FrontofficeConfig',
    'middleoffice.apps.MiddleofficeConfig',
]
SITE_ID = 1

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'allauth.account.auth_backends.AuthenticationBackend',
)

# Email sending
EMAIL_HOST = 'smtp.sendgrid.net'
EMAIL_HOST_USER = 'apikey'
EMAIL_HOST_PASSWORD = 'secret'
EMAIL_PORT = 587
EMAIL_USE_TLS = True

# Auth and allauth settings
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_USERNAME_MIN_LENGTH = 3

# Redirections
ACCOUNT_LOGOUT_REDIRECT_URL = '/front-office'
LOGIN_REDIRECT_URL = '/front-office'

# Email verification
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
SOCIALACCOUNT_EMAIL_VERIFICATION = 'mandatory'
ACCOUNT_EMAIL_CONFIRMATION_EXPIRE_DAYS = 3  # in days
ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN = 30    # in seconds

# Account signup
ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE = True
ACCOUNT_SIGNUP_FORM_CLASS = 'frontoffice.forms.UserAccountForm'

# Social Accounts
SOCIALACCOUNT_AUTO_SIGNUP = False
SOCIALACCOUNT_EMAIL_REQUIRED = True
SOCIALACCOUNT_QUERY_EMAIL = True
SOCIALACCOUNT_PROVIDERS = {
    'openid': {
        'SERVERS': [
            dict(id='yahoo',
                 name='Yahoo OpenID',
                 openid_url='http://me.yahoo.com'),
        ]
    },
    'facebook': {
        'SCOPE': ['email', ],
        'METHOD': 'js_sdk',
        'INIT_PARAMS': {'cookie': True},
        'FIELDS': ['id', 'email', 'name', 'first_name', 'last_name', 'verified', 'locale', 'timezone', 'link', 'gender', 'updated_time',],
        'VERIFIED_EMAIL': False,
    },
    'google': {
        'SCOPE': [
            'profile',
            'email',
        ],
        'AUTH_PARAMS': {
            'access_type': 'online',
        }
    }
}

我知道有些设置不会覆盖默认值或者是多余的，它只是帮助我记住我应该期望的行为。

使用 OpenID 验证

错误堆栈跟踪

正如我所说，我尝试了 Yahoo OpenID ( http://me.yahoo.com )，既来自预定义的提供商和 OpenID URL，也尝试了 AOL，来自 URL ( http://openid.aol.com/myUserName)。两者都返回上述错误，这是一个堆栈跟踪示例:

INFO:django.server:"GET /accounts/openid/login/?openid=http%3A%2F%2Fme.yahoo.com&process=login HTTP/1.1" 302 0
ERROR:root:Verifying return_to arguments: Parameter next not in return_to URL
Traceback (most recent call last):
  File "d:\Profiles\user\Envs\Django\lib\site-packages\openid\consumer\consumer.py", line 673, in _checkReturnTo
    self._verifyReturnToArgs(message.toPostArgs())
  File "d:\Profiles\user\Envs\Django\lib\site-packages\openid\consumer\consumer.py", line 886, in _verifyReturnToArgs
    (pair[0], ))
openid.consumer.consumer.ProtocolError: Parameter next not in return_to URL
INFO:django.server:
"GET /accounts/openid/callback/?janrain_nonce=2017-11-21T15:56:32_nonce_zu
    &next=
    &openid.ns=http://specs.openid.net/auth/2.0
    &openid.mode=id_res
    &openid.return_to=http://localhost:8000/accounts/openid/callback/?janrain_nonce=2017-11-21T15:56:32_nonce_zu
    &next=
    &openid.claimed_id=https://me.yahoo.com/a/C7dd_secret_bVtec-#784b5
    &openid.identity=https://me.yahoo.com/a/C7dd_secret_bVtec-
    &openid.assoc_handle=1P.qFXi_secret_7MP8.Cv06_secret_wEeA--
    &openid.realm=http://localhost:8000/
    &openid.ns.ax=http://openid.net/srv/ax/1.0
    &openid.ax.mode=fetch_response
    &openid.ax.value.email=jane.doe@yahoo.fr
    &openid.ax.value.fullname=Jane Doe
    &openid.response_nonce=2017-11-21T15:56:33Zd_nonce_eA--
    &openid.signed=assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_nonce,return_to,signed,ax.value.email,ax.type.email,ax.value.fullname,ax.type.fullname,ns.ax,ax.mode,pape.auth_level.nist
    &openid.op_endpoint=https://open.login.yahooapis.com/openid/op/auth
    &openid.ax.type.email=http://axschema.org/contact/email
    &openid.ax.type.fullname=http://axschema.org/namePerson
    &openid.pape.auth_level.nist=0
    &openid.sig=n/JOWn_secret_3630=
HTTP/1.1"
200 647

为了便于阅读，我在参数之间放置了换行符。

问题

如您所见，错误消息非常明显:参数 &next= 为空。

有没有人碰巧知道哪里出了问题？它是与提供商相关、与库相关、与配置/实现相关吗？

提前致谢!

Answer 1

事实证明，allauth 存在一个错误，在 openid 登录 URL 中不提供 next 将导致此错误。我发出a PR to address this issue ，所以希望它在某个时候被合并。

同时，您有两个选择:

1. 使用my branch使用修复程序(或通过 -e git://github.com/pydolan/django-allauth.git@fix-yahoo-openid#egg=django-allauth 添加到 requirements.txt)；
2. 始终为next 提供一个值。例如:/accounts/openid/login/?process=login&openid=https%3A%2F%2Fme.yahoo.com&next=%2F 将让您使用 OpenID 登录 Yahoo。