[openstreetmap/openstreetmap-website] OpenID Login error (#3134)

mirabilos notifications at github.com
Thu Apr 1 22:10:25 UTC 2021 

I’m also using OpenID (with my own website delegating to Launchpad) and cannot login any more either.

![Screenshot_20210402_000008](https://user-images.githubusercontent.com/861078/113358753-aa5ac000-9346-11eb-8c23-88cb688e5513.png)

Perhaps these failures (CSP blocked script loading) are involved?

![Screenshot_20210402_000035](https://user-images.githubusercontent.com/861078/113358796-bf375380-9346-11eb-8955-53ee674fcfc4.png)

Trying to trace this a bit:

    POST | https://www.openstreetmap.org/auth/openid/callback?_method=post

The request contains:

`openid.response_nonce=2021-04-01T22%3A03%3A31ZLoDctO&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.signed=assoc_handle%2Cax.count.ext0%2Cax.count.ext1%2Cax.count.ext2%2Cax.count.ext3%2Cax.count.ext4%2Cax.count.ext5%2Cax.count.ext6%2Cax.count.ext7%2Cax.count.ext8%2Cax.mode%2Cax.type.ext0%2Cax.type.ext1%2Cax.type.ext2%2Cax.type.ext3%2Cax.type.ext4%2Cax.type.ext5%2Cax.type.ext6%2Cax.type.ext7%2Cax.type.ext8%2Cax.value.ext0.1%2Cax.value.ext1.1%2Cax.value.ext4.1%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cns.ax%2Cns.sreg%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname%2Csreg.nickname&openid.sreg.email=` my mail `&openid.op_endpoint=https%3A%2F%2Flogin.launchpad.net%2F%2Bopenid&openid.ax.type.ext8=http%3A%2F%2Faxschema.org%2Fmedia%2Fimage%2Faspect11&openid.ax.type.ext4=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffriendly&openid.ax.type.ext5=http%3A%2F%2Faxschema.org%2Fcontact%2Fcity%2Fhome&openid.ax.type.ext6=http%3A%2F%2Faxschema.org%2Fcontact%2Fstate%2Fhome&openid.ax.type.ext7=http%3A%2F%2Faxschema.org%2Fcontact%2Fweb%2Fdefault&openid.ax.type.ext0=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ax.type.ext1=http%3A%2F%2Faxschema.org%2FnamePerson&openid.ax.type.ext2=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.ax.type.ext3=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&openid.sig=` some base64 `&openid.ax.value.ext1.1=` my name `&openid.ax.value.ext4.1=` my username `&openid.return_to=https%3A%2F%2Fwww.openstreetmap.org%2Fauth%2Fopenid%2Fcallback%3F_method%3Dpost&openid.ax.mode=fetch_response&openid.claimed_id=` my delegating site `&openid.sreg.nickname=` my username `&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ax.value.ext0.1=` my email `&openid.mode=id_res&openid.identity=https%3A%2F%2Flogin.launchpad.net%2F%2Bid%2F` my ID `&openid.ax.count.ext0=1&openid.ax.count.ext1=1&openid.ax.count.ext2=0&openid.ax.count.ext3=0&openid.ax.count.ext4=1&openid.ax.count.ext5=0&openid.ax.count.ext6=0&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ax.count.ext8=0&openid.ax.count.ext7=0&openid.sreg.fullname=` my name `&openid.assoc_handle=%7BHMAC-SHA1%7D%7B` a number `%7D%7B` some base64 `%7D&openid.usernamesecret=

Interestingly, `openid.usernamesecret` is empty. Unsure if this is correct, but it’s what Launchpad provides.

The response is thus (302 Found):

    Location | /auth/failure?message=no+implicit+conversion+of+nil+into+String&strategy=openid

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3134#issuecomment-812201168
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210401/37e1da10/attachment.htm>

More information about the rails-dev mailing list