Implementing Social Login without third party, using openid-selector

I've looked at roughly 50 questions on this site, but none really provide a solution that is either up to date or doesn't require a third-party plugin (I want to keep control of the information and not give other people access to the info I get) or that is complete. I'll take the risk of posting it, and cross my fingers.

I've seen a bunch more but here are some I looked at:

  • include facebook and twitter as login option (all answers are third party solutions)
  • https://stackoverflow.com/questions/76184/php-tutorial-for-openid-and-oauth (3 years old, there must be an easier implementation)
  • http://wiki.openid.net/w/page/12995176/Libraries => this looks good, but I'm still confused.

So I'm looking to have Facebook, Google and Twitter as login options on my site (Apparently, that is 80% of people's preferred social login method).
If I go to the wiki.openid.net, which package would you advise me to use in PHP for easy implementation? Which one did you use in the past?

Also, if possible, can you give explanations on how to implement the advised library? i.e.,

  1. I download it, put it on my site,
  2. then get an openID for my site,
  3. then use the http://code.google.com/p/openid-selector/ for the display...

Is this right? I have no idea...

Basically a step by step guide would be awesome. I'm sure anyone who takes time to answer this will get massive points, this is hot topic.

Thanks for the help.

denislexic asked Nov 21 '11 18:11

1 Answer

So you want to implement Google and Facebook/Twitter login, without using a third party service. That means you need to implement OpenID login (for Google) and OAuth (for Facebook/Twitter).

First, OpenID. You can download LightOpenID, a nice lightweight OpenID class for PHP. Quite easy to implement. Some sample code on how to use this class:

<?php
require_once 'openid.php'; // LightOpenID class file

// Set up your OpenID object
$openid = new LightOpenID('http://yourdomain.com');
$openid->returnUrl = 'http://yourdomain.com/after/login/user/goes/here';
$openid->identity = 'https://www.google.com/accounts/o8/id'; // OpenID provider URL
$openid->required = array('namePerson/friendly', 'contact/email');

// Step 1: Redirect the user to the OpenID provider
if (!$openid->mode) { // If not authenticated
    header('Location: ' . $openid->authUrl()); // Redirect to provider
    exit; // Stop here; the rest only runs once the provider sends the user back
}

// Step 2: User returned, sign the user into our application
if ($openid->mode == 'cancel') {
    // User declined at the provider; do not sign them in
} elseif ($openid->validate()) {
    // OpenID authentication is successful
    // Sign in the user and read requested attributes
    $attrArray = $openid->getAttributes();
}

That should get you started with the OpenID part. The OpenID selector is nothing more than a selector for the identity URL.

Then implementing OAuth sign in to support Facebook and Twitter sign in. There is quite some documentation on how to implement Facebook and Twitter login support. For Facebook you should read the developer site on authentication; it's not too complicated. Twitter uses the same protocol and also has quite nice documentation on this topic.

If you don't want to implement it yourself take a look at OAuth libraries that you can include in your application like socialoauth (supports both) or twitteroauth (supports twitter). Google will help you find a lot more libraries like this.

Just start implementing with a library, read the code, comments and docs, and ask questions on StackOverflow if you're stuck. :)

Mac_Cain13 answered Sep 18 '22 04:09
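As an added example (not the answerer's code): the two phases of the snippet above combined into one relying-party page, where the identity URL posted by openid-selector drives the redirect and, on return, the local login is keyed on the verified identifier rather than on the email attribute. It assumes LightOpenID lives in openid.php, that openid-selector posts its choice in its default field named openid_identifier, and a hypothetical host yourdomain.com; Google has since retired the OpenID 2.0 endpoint the answer uses, so try it against a provider that still speaks OpenID 2.0.

```php
<?php
// Hypothetical relying-party page (login.php) on LightOpenID (assumed in openid.php).
require_once 'openid.php';
session_start();
$host = 'yourdomain.com';                                  // assumed RP host
$openid = new LightOpenID($host);
$openid->returnUrl = 'http://' . $host . '/login.php';     // this very page

if (!$openid->mode) {
    // Phase 1: openid-selector posts the chosen identity URL in its
    // "openid_identifier" field (assumed field name). Show the form if absent.
    if (empty($_POST['openid_identifier'])) {
        echo '<form method="post"><input name="openid_identifier">'
           . '<button>Log in</button></form>';
        exit;
    }
    // LightOpenID fetches this URL for discovery (inherent to OpenID), so
    // restrict it to the providers your selector offers if that is all you need.
    $openid->identity = $_POST['openid_identifier'];
    $openid->required = array('contact/email', 'namePerson/friendly');
    try {
        header('Location: ' . $openid->authUrl());  // discovery + redirect
    } catch (ErrorException $e) {
        http_response_code(400);     // discovery failed: not a usable OpenID
        echo 'Could not contact that OpenID provider.';
    }
    exit;                            // never fall through after a redirect
}

if ($openid->mode === 'cancel') {
    echo 'Login cancelled at the provider.';
    exit;
}

// Phase 2: the provider sent the user back. validate() checks that return_to
// matches this page and asks the provider to confirm the signed assertion.
if (!$openid->validate()) {
    http_response_code(403);
    echo 'OpenID assertion could not be verified.';
    exit;
}

// Key the local account on the verified claimed identifier, never on the
// attributes: email and nickname are provider-supplied hints, not proof.
$attrs = $openid->getAttributes();
session_regenerate_id(true);         // fresh session id on privilege change
$_SESSION['user'] = array(
    'openid'   => $openid->identity,
    'email'    => isset($attrs['contact/email']) ? $attrs['contact/email'] : null,
    'nickname' => isset($attrs['namePerson/friendly']) ? $attrs['namePerson/friendly'] : null,
);
echo 'Logged in as ' . htmlspecialchars($openid->identity, ENT_QUOTES, 'UTF-8');
```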