InternalOpenIDError: Failed to verify assertion #18
Comments
|
I am experiencing the same error. It seems that this happens when you have multiple instances of your server and one initiates the authentication and the other one actually performs it. This might help you: http://stackoverflow.com/questions/14341471/how-do-i-use-node-openid-on-heroku-with-more-than-one-dyno Note: I am still trying to figure out how to ensure that the same server will handle the response. |
|
i have same issue to i use redis session storage, so all dynos have the same session, but this system do not works. |
|
for future people reading this issue, simply add stateless:true to the options when instantiating the GoogleStrategy. |
|
I had an issue with this, too. I was unable to solve it by using stateless:true. I was able to solve it by catching any errors in the callback after updating to passport@~0.2.0. |
|
@JasonGhent How did you recover when catching that error? The callback only receives the error itself so there's not really much you can do, is there? Could you point me at your code that deals with that case? |
|
@kynan The code is actually in a private repo, but to give an idea, I was able to catch the error with the 0.2.0 version by implementing it as: server.get('/auth/google/return', function(req,res,next) {
passport.authenticate('google', function(err,user) {
if(err) /* handle error */
else /* handle success */
})(req,res,next);
});The error handler did some logging and redirected the user via: res.redirect(errorPage + '/' + encodeURIComponent(JSON.stringify({
message: "User friendly error message."
})));I have no workaround that will circumvent a failure by the failed assertion, other than to ask the user to try again (or try another login authenticator) on the redirect page. I have noticed this happens much less now than it did prior to 0.2.0. Note that if you have a round-robin cluster, the strategy association is only persisted on the machine that saved it originally, and you will likely have a server hop when the third-party service responds. I worked around this by persisting the association to Redis in the strategy definition via |
|
@JasonGhent Thanks for sharing! My issue turned out to be the This issue is too broad since an |
Hi all, I got the following error, and I'm not sure how to trap it, or what caused it. Any advice?
InternalOpenIDError: Failed to verify assertion
at Strategy.authenticate.identifier (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/lib/passport-openid/strategy.js:184:36)
at _verifyAssertionData (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1045:12)
at _verifyAssertionAgainstProvider (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1170:14)
at _checkSignatureUsingAssociation (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1221:14)
at Object.openid.loadAssociation (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:111:5)
at _checkSignatureUsingAssociation (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1213:10)
at _checkSignature (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1203:5)
at _verifyAssertionAgainstProvider (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1166:3)
at _verifyDiscoveredInformation (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1137:16)
at openid.discover (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:660:7)
at _resolveXri (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:536:16)
at _get.get.done (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:246:9)
at IncomingMessage._get (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:250:32)
at IncomingMessage.EventEmitter.emit (events.js:115:20)
at IncomingMessage._emitEnd (http.js:366:10)
at HTTPParser.parserOnMessageComplete as onMessageComplete
at CleartextStream.socketOnData as ondata
at CleartextStream.CryptoStream._push (tls.js:396:27)
at SecurePair.cycle (tls.js:750:20)
at EncryptedStream.CryptoStream.write (tls.js:131:13)
at Socket.ondata (stream.js:38:26)
at Socket.EventEmitter.emit (events.js:88:17)
at TCP.onread (net.js:397:14)
The text was updated successfully, but these errors were encountered: