If you noticed that Google Federated Login stopped working for your service because a verification request (openid.mode:check_authentication) fails, it is most probably due to recent changes on Google's side. I wasn't able to find more information on this than this post by a Google employee (?) on Google Groups.
If your service is built on Java and you use openid4java for OpenID, then login attempts with Google most probably now fail with the error:
Verification failed for: https://www.google.com/accounts/o8/id?id=xxx reason: Direct signature verification failed.
To fix this, you need to reset assoc_handle on your request to Google. To do this, just after you create the AuthRequest, set its handle to an empty string (not null!).
AuthRequest authReq = manager.authenticate(discovered, "http://example.com/login/openid");
// Send an empty assoc_handle (empty string, not null) in the request to Google
authReq.setHandle("");