aboutsummaryrefslogtreecommitdiff
path: root/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn
blob: 92e759ca98368bb33449d34ef1e35861533d0bb9 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

Sometimes when I try to login (to edit a page) here then I can see
the following error message:

    Error: OpenID failure: time_bad_sig:

Please note that authorization process successes on OpenID server side.

It occurs both for [getopenid.com](http://www.getopenid.com/)
and [myopenid.com](http://www.myopenid.com/) servers I use.

I'm reporting this, but I'm not sure whether a problem is with your
ikiwiki or my OpenID servers. --[[Paweł|ptecza]]

> I've seen this too, once or twice (using myopenid), and reauthenticating
> fixed it -- so I can't reproduce it reliably to work on it. I think I've
> seen it both on this wiki and on the one running on my laptop.
> 
> The perl openid client module seems
> to fail with time_bad_sig if the time in the signature from the other end
> is "faked". I'm not 100% sure what this code does yet:

	# check age/signature of return_to
	my $now = time();
	{
		my ($sig_time, $sig) = split(/\-/, $self->args("oic.time") || "");
		# complain if more than an hour since we sent them off
		return $self->_fail("time_expired")   if $sig_time < $now - 3600;
		 also complain if the signature is from the future by more than 30 seconds,
		# which compensates for potential clock drift between nodes in a web farm.
		return $self->_fail("time_in_future") if $sig_time - 30 > $now;
		# and check that the time isn't faked
		my $c_secret = $self->_get_consumer_secret($sig_time);
		my $good_sig = substr(OpenID::util::hmac_sha1_hex($sig_time, $c_secret), 0, 20);
		return $self->_fail("time_bad_sig") unless $sig eq $good_sig;
	}

> At least it doesn't seem to be a time sync problem since the test for too
> early/too late times have different error messages.. --[[Joey]]

I've had this problem too, but with my track record of reporting OpenID bugs 
I thought it best if I held my tongue. I usually experience this the first
time I sign in on any ikiwiki installation of {ikiwiki.kitenet, ikidev, 
betacantrips}, and I think re-logging in always works. --Ethan

> Does seem easier to repro than I thought.
> Ok, fixed it.. [[bugs/done]] --[[Joey]]
generated by cgit v1.2.3 (git 2.25.4) at 2024-05-28 18:10:12 +0000