
OpenID Provider Question: How do I specify an identity different from the end user's claimed-id


I am using the JanRain library, and implementing code very similar to their server example (essentially creating my own openid provider). I have it working, but when I try to return an identity different from the one specified to the consumer, I get the following error:

Request was for http://example.com/, cannot reply with identity http://example.com/openid/33

In this case, the unique ID/URL is http://example.com/openid/33, while the one specified to the consumer is http://example.com.

I am using something like this:

$request = $server->decodeRequest();
// Auth_OpenID_CheckIDRequest::answer($allow, $server_url, $identity, $claimed_id)
$request->answer(true, null, $id_url, $request->identity);

I've tried switching around $request->identity and $id_url. I only get the error in the state shown above, and the other state works, but doesn't seem to return the right thing to the consumer. I'm using the OP Simple Registration test found here: http://test-id.org/OP/Sreg.aspx, and when I switch them it works, but I can't find my $id_url anywhere in the logs.

My guess is that I need to be telling the consumer something earlier in the process about the ID differing from the one specified by the end-user, but so far I haven't hit on the right thing to try. I know this is possible, because this is how Yahoo's OpenID works.

Any ideas or suggestions are welcome. Thanks!


Solution

  • You are confusing the endpoint URL with the claimed identifier or the OP-local identifier.

    The workflow is like this:

    • User enters a user supplied identifier
    • Consumer performs discovery on it, and then it will have either:
      • The provider endpoint URL/version. In this case, the claimed identifier/op-local identifier will be http://specs.openid.net/auth/2.0/identifier_select
      • The provider endpoint URL, the protocol version, the claimed identifier (the identifier the user supplied) and the OP-local identifier

    So you should only provide a new identifier if you got http://specs.openid.net/auth/2.0/identifier_select.
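The branch the answer describes, written out against the JanRain PHP library's server API as an added example (this is not the question's code and not the library's own sample server). It assumes the library is on the include path, that the endpoint URL is http://example.com/server.php, that a file store lives under /tmp/openid-store, and that a hypothetical helper currentUserIdentityUrl() returns the logged-in user's OP-local identifier. The rule is: call answer() with a new identifier only when the request came in as identifier_select; if the RP already discovered a specific identifier, the OP may only confirm or refuse that one, which is exactly the "Request was for ..., cannot reply with identity ..." check the question ran into.

```php
<?php
// Added example, not from the question or from the JanRain library's own samples.
require_once 'Auth/OpenID/Server.php';
require_once 'Auth/OpenID/FileStore.php';

define('OP_ENDPOINT', 'http://example.com/server.php');   // assumed endpoint URL

function currentUserIdentityUrl() {
    // Hypothetical helper: in a real OP this comes from the authenticated session.
    return 'http://example.com/openid/33';
}

// Decode one OpenID message and return an Auth_OpenID_WebResponse, or null if
// the request was not an OpenID message at all.
function handleOpenIdRequest(array $query) {
    $store   = new Auth_OpenID_FileStore('/tmp/openid-store');   // assumed store path
    $server  = new Auth_OpenID_Server($store, OP_ENDPOINT);
    $request = $server->decodeRequest($query);

    if (!$request) {
        return null;   // plain browser hit on the endpoint, nothing to answer
    }
    if (Auth_OpenID::isFailure($request)) {
        // Auth_OpenID_ServerError: malformed message, log and drop it
        error_log('Bad OpenID request: ' . $request->toString());
        return null;
    }

    if (!in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
        // associate and check_authentication need no user decision;
        // the library answers them itself.
        return $server->encodeResponse($server->handleRequest($request));
    }

    $user_id = currentUserIdentityUrl();

    if ($request->idSelect()) {
        // Discovery on the user-supplied URL yielded only the OP endpoint, so the
        // RP sent http://specs.openid.net/auth/2.0/identifier_select for both the
        // identity and the claimed id. Here, and only here, the OP picks the
        // identifier. Passing it as both identity and claimed_id is the simple case;
        // a Yahoo-style OP may hand back a different, user-facing claimed_id.
        $response = $request->answer(true, null, $user_id, $user_id);
    } elseif ($request->identity === $user_id) {
        // The RP already discovered this exact OP-local identifier: confirm it.
        $response = $request->answer(true);
    } else {
        // The RP asked about some other specific identifier. answer(true, null,
        // $user_id) would fail with "Request was for ..., cannot reply with
        // identity ...", so the only honest reply is a negative assertion.
        $response = $request->answer(false);
    }

    return $server->encodeResponse($response);
}

// Glue to send the encoded response back to the user agent.
$webResponse = handleOpenIdRequest($_GET);
if ($webResponse !== null) {
    header(sprintf('HTTP/1.1 %d', $webResponse->code));
    foreach ($webResponse->headers as $name => $value) {
        header("$name: $value");
    }
    echo $webResponse->body;
}
```

For the identifier_select branch to be reached at all, discovery on http://example.com/ has to advertise an OP Identifier service (XRDS service type http://specs.openid.net/auth/2.0/server) rather than a signon service tied to a particular identifier; only then does the consumer send identifier_select and leave the choice to the OP.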