diff --git a/Provider.php b/Provider.php
index a41e2ea..ae0bb60 100644
--- a/Provider.php
+++ b/Provider.php
@@ -61,6 +61,11 @@ class Provider extends AbstractProvider
 */
 const OPENID_NS = 'http://specs.openid.net/auth/2.0';

+ /**
+ * @var string
+ */
+ const OPENID_ERROR = 'openid_error';
+
 /**
 * {@inheritdoc}
 */
@@ -80,7 +85,9 @@ protected function getAuthUrl($state)
 public function user()
 {
 if (!$this->validate()) {
- throw new OpenIDValidationException('Failed to validate openID login');
+ $error = $this->getParams()['openid.error'] ?? 'unknown error';
+
+ throw new OpenIDValidationException('Failed to validate OpenID login: '.$error);
 }

 return $this->mapUserToObject($this->getUserByToken($this->steamId));
@@ -144,7 +151,7 @@ private function buildUrl()
 'openid.ns' => self::OPENID_NS,
 'openid.mode' => 'checkid_setup',
 'openid.return_to' => $this->redirectUrl,
- 'openid.realm' => sprintf('https://%s', $realm),
+ 'openid.realm' => sprintf('%s://%s', $this->request->getScheme(), $realm),
 'openid.identity' => 'http://specs.openid.net/auth/2.0/identifier_select',
 'openid.claimed_id' => 'http://specs.openid.net/auth/2.0/identifier_select',
 ];
@@ -222,6 +229,7 @@ public function getParams()
 'openid.sig' => $this->request->get(self::OPENID_SIG),
 'openid.ns' => self::OPENID_NS,
 'openid.mode' => 'check_authentication',
+ 'openid.error' => $this->request->get(self::OPENID_ERROR),
 ];

 $signedParams = explode(',', $this->request->get(self::OPENID_SIGNED));
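Review bot: The docblock on `OPENID_ERROR` only says `@var string`, so a reader cannot tell why the key is `openid_error` rather than the protocol name `openid.error`, or that the value behind it is free text taken from the request. Suggested comment: `Request key for the provider's openid.error text (PHP rewrites dots in parameter names to underscores); the value is untrusted input.`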
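Review bot: The text appended to the exception message in `user()` comes straight from the `openid_error` request parameter, so whoever sends the callback request controls it. If the message is later logged or rendered, control characters and markup arrive unfiltered, and a non-string value (for example an array-valued parameter, if the request object permits one) would not concatenate cleanly. Consider normalising it before use, e.g. `$error = is_string($raw) ? substr(preg_replace('/[^\x20-\x7E]/', '?', $raw), 0, 200) : 'unknown error';`. `user()` continues past the end of the hunk.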
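Review bot: The realm scheme in `buildUrl()` now follows `$this->request->getScheme()`, which describes how the request reached PHP rather than the scheme of `openid.return_to`. Behind a TLS-terminating proxy without trusted-proxy configuration this would likely be `http`, so the realm either stops matching an https `return_to` or, when both are http, the login response travels in cleartext where the old code forced https. Deriving the scheme from the return URL keeps the two consistent: `'openid.realm' => sprintf('%s://%s', parse_url($this->redirectUrl, PHP_URL_SCHEME) ?: 'https', $realm),`. How `$realm` is computed is outside the hunk, so the host part deserves the same check.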
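Review bot: Adding `openid.error` to the array returned by `getParams()` places an unsigned, caller-supplied value alongside the fields assembled for `check_authentication`. If that array is what gets posted to the provider for verification (its consumer is outside the hunk), the diagnostic string is forwarded on every validation attempt. Reading the error only where it is reported, e.g. `$this->request->get(self::OPENID_ERROR)` inside `user()`, would keep the verification payload limited to protocol fields. `getParams()` starts and ends outside the hunk.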