Programming Social Applications by Jonathan LeBlanc

Callback URL Mismatch

A common OpenID issue arises when you perform discovery on an OpenID provider endpoint and have to construct a redirect URL (where to send the end user after she has authenticated) from a trust root (the current root of the application) and the callback (where to send the end user).

The OpenID domain verification process is quite strict for most providers, requiring an exact match to the root domain. For instance, the following domains will not match:

If there is a callback URL mismatch, you will be presented with something along the lines of Figure 11-8.

Figure 11-8. Example of callback URL mismatch error screen

You will need to ensure that there is a direct domain match when building your redirect URL (i.e., that the domain that you are constructing the callback from matches the current domain that the user is on).

While this is a common issue for new users of OpenID, it can be remedied quickly if you simply ensure that there is an exact domain match between the trust root and the callback to which you will forward the end user after authentication.
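The check described above can be run before the user is redirected to the provider. The following Python sketch is an added example, not code from the book: `origin`, `callback_mismatch`, `build_openid_urls` and the `example.com` URLs are hypothetical names and constructed samples. It assumes the strict reading of "exact match", comparing scheme and port as well as host.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for an absolute http(s) URL, lowercased."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    # An omitted port means the scheme's default, so :80 and no port compare equal.
    return scheme, parts.hostname.lower(), parts.port or DEFAULT_PORTS[scheme]


def callback_mismatch(trust_root, callback):
    """Return None when the callback's origin equals the trust root's,
    otherwise a reason naming the first component that differs."""
    root, cb = origin(trust_root), origin(callback)
    for name, a, b in zip(("scheme", "host", "port"), root, cb):
        if a != b:
            return f"{name} differs: trust root has {a!r}, callback has {b!r}"
    return None


def build_openid_urls(current_url, callback_path):
    """Derive trust root and callback from the URL the user is on, so that
    both share one origin by construction."""
    origin(current_url)  # rejects relative or non-http(s) URLs
    parts = urlsplit(current_url)
    trust_root = urlunsplit((parts.scheme, parts.netloc, "/", "", ""))
    callback = urlunsplit((parts.scheme, parts.netloc, callback_path, "", ""))
    return trust_root, callback


# Constructed sample pairs; example.com is a placeholder domain.
SAMPLES = [
    ("http://example.com/", "http://example.com/openid/complete"),
    ("http://example.com/", "http://www.example.com/openid/complete"),
    ("http://example.com/", "https://example.com/openid/complete"),
    ("http://example.com/", "http://example.com:8080/openid/complete"),
]

if __name__ == "__main__":
    for root, cb in SAMPLES:
        print(cb, "->", callback_mismatch(root, cb) or "match")
    print(build_openid_urls("http://www.example.com/login?next=/", "/openid/complete"))
```

Only the first sample pair passes; the other three differ in host (`www.` prefix), scheme and port respectively.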
