Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Log-in the user with LightOpenID

Hello
I have downloaded LightOpenID (http://gitorious.org/lightopenid) few hours ago but still can't figure out how to make it work.
I got this google example saved in test.php file

<?php
require '../lib/init.php';
require '../lib/openID/openid.php';

try {
    if(!isset($_GET['openid_mode'])) {
        if(isset($_GET['login'])) {
            $openid = new LightOpenID;
            $openid->identity = 'https://www.google.com/accounts/o8/id';
            header('Location: ' . $openid->authUrl());
        }
?>
<form action="?login" method="post">
    <button>Login with Google</button>
</form>
<?php
    } elseif($_GET['openid_mode'] == 'cancel') {
        echo 'User has canceled authentication!';
    } else {
        $openid = new LightOpenID;
        echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
    }
} catch(ErrorException $e) {
    echo $e->getMessage();
}
echo '<pre>'.print_r($openid,true).'</pre>';
?>

Where init.php is init file for my page (constants, classes, functions, db connection etc.).
After running this code I got button with label "Login with Google" and after pressing it

echo '<pre>'.print_r($openid,true).'</pre>';

give some info about the $openid object

LightOpenID Object ( [returnUrl] => http://kur.com/openid.php [required] => Array ( )

[optional] => Array
    (
    )

[identity:LightOpenID:private] => https://www.google.com/accounts/o8/id
[claimed_id:LightOpenID:private] => https://www.google.com/accounts/o8/id
[server:protected] => https://www.google.com/accounts/o8/ud
[version:protected] => 2
[trustRoot:protected] => http://kur.com
[aliases:protected] => 
[identifier_select:protected] => 1
[ax:protected] => 1
[sreg:protected] => 
[data:protected] => Array
    (
        [login] => 
    )

)

...nothing special... and thats it...
I spend lot of the time searching for tutorials in google, but can't find even one. Can you please help me.
How to log in the user ?
From where I must get logged user info (as username, mail) ?
I have never been using open ID and I'm confused....
Thanks in advance

like image 260
T1000 Avatar asked Oct 22 '10 08:10

T1000


3 Answers

How to log in the user?

In your example, there is a line showing how to complete the authentication:

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

If $openid->validate() returns true, it means that the user that claims to be $openid->identity is authenticated.

If you'd compare it to standard authentication:

Standard auth:

  • The User inputs login and password
  • The Server checks whether there is such a pair of login and password.
  • If there is, the user is authenticated (with the login he provided), so we set a cookie to remember him(or whatever else you want to do on a successful login).

OpenID auth(with LightOpenID):

  • The User inputs an openid identity
  • The Server uses LightOpenID to authenticate it, then calls $openid->validate()
  • If validate() returns true, the user is authenticated (with $openid->identity), so we set a cookie to remember him(or whatever else you want to do on a successful login).

Basically, once you confirm that the user is the one who he claims he is (i.e. he has authenticated), you proceed as if it was a normal auth.

Usually, you have to store the identity somewhere, along with a session id.

From where I must get logged user info (as username, mail) ?

The username is in $openid->identity. However, you might want to use a nickname as a displayed name. Getting a nickname and an email address however, requires additional configuration. Basically, before calling $openid->authUrl(), you'd have to add:

$openid->required = array('namePerson/friendly', 'contact/email');

That line would cause LightOpenID to requests these parameters. You can see a list of other parameters (which may or may not be supported by OPs) at axschema.org. Then, to get the values of those, after calling validate(), call $openid->getAttributes(). It will return all avaiable paramerers, for example:

array(
    [namePerson/friendly] => Mewp
    [contact/email] => [email protected]
)

However, be aware of the fact, that this list can contain other parameters and may not contain the ones you requested. Basically, the OP is free to return whatever it wants to, so you need to be prepared for the lack of some values.

like image 120
Mewp Avatar answered Nov 11 '22 22:11

Mewp


when a user clicked on 'Login with Google' button on 'example-google.php page you will be redirected to google and if user accept the request he will be redirected to your page again and you can get only the Openid of user.

But if you want to get some other info or change the OpenID provide you can to it on this way:

<?php
require 'openid.php';
try {
$openid = new LightOpenID;
if(!$openid->mode) {
    if(isset($_GET['oidType'])) {
$oidType = $_GET['oidType'];
$openid = new LightOpenID;
    if ($oidType==1)
    {
        $openid->identity = 'https://www.google.com/accounts/o8/id';
    }
    else
    {
        $openid->identity = 'https://me.yahoo.com ';
    }
    $openid->required = array(
      'namePerson',
      'namePerson/first',
      'namePerson/last',
      'contact/email',
    );
    $openid->returnUrl = 'http://www.yourdomain.com/login.php';
    header('Location: ' . $openid->authUrl());

    }
?>
<a href="?oidType=1">Login with Google</a>
<a href="?oidType=2">Login with Yahoo</a>
<?php
} elseif($openid->mode == 'cancel') {
    echo 'User has canceled authentication!';
} 

} elseif($openid->validate()) {
$openid_identity = $openid->identity;
    $data = $openid->getAttributes();
    $email = $data['contact/email'];
    $namePerson = $data['namePerson'];
    $first = $data['namePerson/first'];
    $last = $data['namePerson/last'];

echo "Openid:$identitystr <br>";
    echo "Email : $email <br>";
    echo "namePerson : $namePerson <br>";
    echo "first : $first <br>";
    echo "last : $last <br>";

} else {
    echo "The user has not logged in";
}
} catch(ErrorException $e) {
echo $e->getMessage();
}
like image 31
Ali Avatar answered Nov 11 '22 22:11

Ali


This script is now working fine from my localhost running apache on my laptop with a wifi connection to the internet.

I've been told that you should pass your domain to the new LightOpenId object when creating it.

$iniConfig is a parse_ini_file array stored outside the document root where I store all my important variables.

in this case

[openid] 
domain='mydomain.com' 

So, I create new object and include the domain the server is on:

$openid = new LightOpenID($iniConfig['openid']['domain']);

I wrote it this way, and haven't checked to see if it works without the domain..

like image 2
Scott Fleming Avatar answered Nov 11 '22 23:11

Scott Fleming