
Creating an OpenID Provider in PHP

I have an existing website that I want to turn into an OpenID provider. All my user accounts are stored in a MySQL table.

I figured since an OpenID is represented as a URL, I am going to do something like: http://login.mydomain.com/username

I've set up a subdomain, and created an htaccess that redirects all URLs to /login.php?username=[username]

The way I see it, and tell me if I'm wrong, someone goes to let's say StackOverflow, they enter http://login.mydomain.com/myUsername. They get to a page on my server that asks for their password (since I already know their username), I check that it matches, and return the key?

People online recommended using Zend_OpenId_Provider. I've been reading their documentation (http://framework.zend.com/manual/en/zend.openid.provider.html), but I find it very confusing. They have no real world example where the user login/password are stored in a database.

I've also seen php-open-id (http://github.com/openid/php-openid), but no help there either.

It seems to be a pretty common thing to do. Is there a tutorial out there or an example I can easily adapt?

Nathan H asked Jul 08 '10 23:07


2 Answers

As you tagged this question with zend-framework I think you want to implement this with ZF.

Look at the constructor of the Zend_OpenId_Provider

public function __construct($loginUrl = null,
                            $trustUrl = null,
                            Zend_OpenId_Provider_User $user = null,
                            Zend_OpenId_Provider_Storage $storage = null,
                            $sessionTtl = 3600)

The important one is the $storage parameter.

In the example on http://framework.zend.com/manual/en/zend.openid.provider.html they do not pass any parameters. That means by default the Zend_OpenId_Provider_Storage_File provider is used. Again, by default this one stores its data in files in your TEMP directory (/tmp on Linux).

Basically the example should be fully functional. You could register some more users by calling $server->register($someid, $somepassword);

But as it stores accounts in the temporary directory by default, you should replace that line with something like this (if it is okay to store accounts in files):

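// Keep the account store private to the web server user (created on first run).
$dir = "/var/lib/myopenidusers";
if (!is_dir($dir)) mkdir($dir, 0700, true);
// Zend_OpenId_Provider_Storage is abstract; the file-backed implementation is Zend_OpenId_Provider_Storage_File.
$server = new Zend_OpenId_Provider(null, null, null, new Zend_OpenId_Provider_Storage_File($dir));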

Now, if you prefer to store your users in a database you have to implement your own Provider_Storage.

Have a look at the abstract class Zend_OpenId_Provider_Storage. These are the methods you have to implement.

Alex answered Oct 21 '22 07:10
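
Added example (not part of the answer above and not Zend Framework code): one way a database-backed storage class could look, written against PDO with bound parameters and salted password hashes. The method list and signatures are assumed from ZF1's abstract Zend_OpenId_Provider_Storage and should be checked against your copy; the class name, tables and columns are hypothetical, and the PDO handle is assumed to use PDO::ERRMODE_EXCEPTION.

```php
<?php
// Added example, not Zend Framework code. Table and column names are hypothetical.
require_once 'Zend/OpenId/Provider/Storage.php';
class Db_OpenId_Storage extends Zend_OpenId_Provider_Storage
{
    private $db;
    public function __construct(PDO $db) { $this->db = $db; }
    // Every value reaches SQL as a bound parameter; $id originates from the request.
    private function run($sql, array $args) {
        $st = $this->db->prepare($sql);
        $st->execute($args);
        return $st;
    }
    public function addAssociation($handle, $macFunc, $secret, $expires) {
        $this->run('INSERT INTO openid_assoc (handle, mac_func, secret, expires) VALUES (?,?,?,?)',
            array($handle, $macFunc, base64_encode($secret), $expires)); // secret is binary
        return true;
    }
    public function getAssociation($handle, &$macFunc, &$secret, &$expires) {
        $row = $this->run('SELECT mac_func, secret, expires FROM openid_assoc WHERE handle = ? AND expires > ?',
            array($handle, time()))->fetch(PDO::FETCH_ASSOC);
        if (!$row) return false; // unknown or expired handle
        list($macFunc, $secret, $expires) = array($row['mac_func'], base64_decode($row['secret']), (int) $row['expires']);
        return true;
    }
    public function hasUser($id) {
        return (bool) $this->run('SELECT 1 FROM users WHERE openid = ?', array($id))->fetchColumn();
    }
    public function addUser($id, $password) {
        if ($this->hasUser($id)) return false;
        $this->run('INSERT INTO users (openid, pw_hash) VALUES (?,?)',
            array($id, password_hash($password, PASSWORD_DEFAULT))); // store a salted hash only
        return true;
    }
    public function checkUser($id, $password) {
        // $password is treated as an opaque value: whatever the provider hands to the storage.
        $hash = $this->run('SELECT pw_hash FROM users WHERE openid = ?', array($id))->fetchColumn();
        return is_string($hash) && password_verify($password, $hash);
    }
    public function getTrustedSites($id) {
        if (!$this->hasUser($id)) return false;
        $rows = $this->run('SELECT site, trusted FROM openid_sites WHERE openid = ?', array($id))->fetchAll(PDO::FETCH_KEY_PAIR);
        return array_map(function ($t) { return json_decode($t, true); }, $rows);
    }
    public function addSite($id, $site, $trusted) {
        if (!$this->hasUser($id)) return false;
        $this->run('DELETE FROM openid_sites WHERE openid = ? AND site = ?', array($id, $site));
        if ($trusted !== null) $this->run('INSERT INTO openid_sites (openid, site, trusted) VALUES (?,?,?)', array($id, $site, json_encode($trusted)));
        return true; // a null $trusted is assumed to mean "forget this site"
    }
}
```

An instance would be passed as the fourth constructor argument in place of the file storage, e.g. new Zend_OpenId_Provider(null, null, null, new Db_OpenId_Storage($pdo)). Because checkUser verifies against hashes written by addUser, this sketch assumes accounts are registered through the provider rather than read from pre-existing password hashes.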


I tried everything listed here, Community ID, simpleid, janrain, etc, along with all those that claim to be providers from OpenID Wiki / Libraries and failed. I then stumbled across Prairie and got it running in about an hour. A little more work of changing the queries in index.php and login.php and I was getting it to work against my user table.

levans answered Oct 21 '22 08:10