If you noticed that Google Federated Login stopped working for your service, because a verification request (
openid.mode:check_authentication) fails, then most probably it happens because of recent changes on Google side. I couldn’t able to find more information on this than this post by Google employee (?) on Google Groups.
If your service is built on Java and you use openid4java for OpenID, then most probably now login with Google attempts fail with error:
Verification failed for: https://www.google.com/accounts/o8/id?id=xxx reason: Direct signature verification failed.
To fix this, you need to reset
assoc_handle on your request to Google. To do this, just after you create
AuthRequest, set its hander to empty string (not
AuthRequest authReq = manager.authenticate(discovered, "http://example.com/login/openid"); authReq.setHandle("");
Fantastic post. I was struggling with this one but your post helped me fix it quick and easy.