[steam] Fix "realm and return_to do not match" when using HTTP (#433)

Provider.php

@@ -61,6 +61,11 @@ class Provider extends AbstractProvider
      */
     const OPENID_NS = 'http://specs.openid.net/auth/2.0';
 
+    /**
+     * @var string
+     */
+    const OPENID_ERROR = 'openid_error';
+
     /**
      * {@inheritdoc}
      */
@@ -80,7 +85,9 @@ protected function getAuthUrl($state)
     public function user()
     {
         if (!$this->validate()) {
-            throw new OpenIDValidationException('Failed to validate openID login');
+            $error = $this->getParams()['openid.error'] ?? 'unknown error';
+
+            throw new OpenIDValidationException('Failed to validate OpenID login: '.$error);
         }
 
         return $this->mapUserToObject($this->getUserByToken($this->steamId));
@@ -144,7 +151,7 @@ private function buildUrl()
             'openid.ns'         => self::OPENID_NS,
             'openid.mode'       => 'checkid_setup',
             'openid.return_to'  => $this->redirectUrl,
-            'openid.realm'      => sprintf('https://%s', $realm),
+            'openid.realm'      => sprintf('%s://%s', $this->request->getScheme(), $realm),
             'openid.identity'   => 'http://specs.openid.net/auth/2.0/identifier_select',
             'openid.claimed_id' => 'http://specs.openid.net/auth/2.0/identifier_select',
         ];
@@ -222,6 +229,7 @@ public function getParams()
             'openid.sig'          => $this->request->get(self::OPENID_SIG),
             'openid.ns'           => self::OPENID_NS,
             'openid.mode'         => 'check_authentication',
+            'openid.error'        => $this->request->get(self::OPENID_ERROR),
         ];
 
         $signedParams = explode(',', $this->request->get(self::OPENID_SIGNED));