Log-in the user with LightOpenID

T1000 · Oct 22, 2010 · Viewed 13.4k times

Hello
I downloaded LightOpenID (http://gitorious.org/lightopenid) a few hours ago but still can't figure out how to make it work.
I got this Google example saved in a test.php file

<?php
require '../lib/init.php';
require '../lib/openID/openid.php';

try {
    if(!isset($_GET['openid_mode'])) {
        if(isset($_GET['login'])) {
            $openid = new LightOpenID;
            $openid->identity = 'https://www.google.com/accounts/o8/id';
            header('Location: ' . $openid->authUrl());
        }
?>
<form action="?login" method="post">
    <button>Login with Google</button>
</form>
<?php
    } elseif($_GET['openid_mode'] == 'cancel') {
        echo 'User has canceled authentication!';
    } else {
        $openid = new LightOpenID;
        echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
    }
} catch(ErrorException $e) {
    echo $e->getMessage();
}
echo '<pre>'.print_r($openid,true).'</pre>';
?>

Where init.php is the init file for my page (constants, classes, functions, db connection etc.).
After running this code I got a button with the label "Login with Google", and after pressing it

echo '<pre>'.print_r($openid,true).'</pre>';

gives some info about the $openid object

LightOpenID Object
(
    [returnUrl] => http://kur.com/openid.php
    [required] => Array
        (
        )

    [optional] => Array
        (
        )

    [identity:LightOpenID:private] => https://www.google.com/accounts/o8/id
    [claimed_id:LightOpenID:private] => https://www.google.com/accounts/o8/id
    [server:protected] => https://www.google.com/accounts/o8/ud
    [version:protected] => 2
    [trustRoot:protected] => http://kur.com
    [aliases:protected] =>
    [identifier_select:protected] => 1
    [ax:protected] => 1
    [sreg:protected] =>
    [data:protected] => Array
        (
            [login] =>
        )

)

...nothing special... and that's it...
I spent a lot of time searching for tutorials on Google, but can't find even one. Can you please help me?
How to log in the user?
From where must I get the logged-in user's info (such as username, mail)?
I have never used OpenID and I'm confused....
Thanks in advance

Answer

Mewp · Oct 22, 2010

How to log in the user?

In your example, there is a line showing how to complete the authentication:

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

If $openid->validate() returns true, it means that the user that claims to be $openid->identity is authenticated.

If you'd compare it to standard authentication:

Standard auth:

  • The User inputs login and password
  • The Server checks whether there is such a pair of login and password.
  • If there is, the user is authenticated (with the login he provided), so we set a cookie to remember him (or whatever else you want to do on a successful login).

OpenID auth (with LightOpenID):

  • The User inputs an openid identity
  • The Server uses LightOpenID to authenticate it, then calls $openid->validate()
  • If validate() returns true, the user is authenticated (with $openid->identity), so we set a cookie to remember him (or whatever else you want to do on a successful login).

Basically, once you confirm that the user is who he claims to be (i.e. he has authenticated), you proceed as if it was a normal auth.

Usually, you have to store the identity somewhere, along with a session id.

From where I must get logged user info (as username, mail) ?

The username is in $openid->identity. However, you might want to use a nickname as a displayed name. Getting a nickname and an email address, however, requires additional configuration. Basically, before calling $openid->authUrl(), you'd have to add:

$openid->required = array('namePerson/friendly', 'contact/email');

That line would cause LightOpenID to request these parameters. You can see a list of other parameters (which may or may not be supported by OPs) at axschema.org. Then, to get the values of those, after calling validate(), call $openid->getAttributes(). It will return all available parameters, for example:

array(
    [namePerson/friendly] => Mewp
    [contact/email] => [email protected]
)

However, be aware of the fact that this list can contain other parameters and may not contain the ones you requested. Basically, the OP is free to return whatever it wants to, so you need to be prepared for the lack of some values.
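
The flow described in the answer above, written out as one complete login page. This is an added example, not code from the original post or from the LightOpenID project; the include path, the ax_value() helper and the session key names are assumptions.

```php
<?php
// Added example. Assumes openid.php (LightOpenID) sits next to this file and
// offers the same no-argument constructor used in the question.
require 'openid.php';
session_start();

// Hypothetical helper: read an AX attribute that the OP may have left out.
function ax_value(array $attrs, $key, $default = null) {
    return (isset($attrs[$key]) && is_string($attrs[$key]) && $attrs[$key] !== '')
        ? $attrs[$key] : $default;
}

try {
    $openid = new LightOpenID;
    if (!isset($_GET['openid_mode'])) {
        if (isset($_GET['login'])) {
            $openid->identity = 'https://www.google.com/accounts/o8/id';
            // Must be set before authUrl() so the attributes are requested.
            $openid->required = array('namePerson/friendly', 'contact/email');
            header('Location: ' . $openid->authUrl());
            exit; // nothing else may run or print after the redirect
        }
        echo '<form action="?login" method="post"><button>Login with Google</button></form>';
    } elseif ($_GET['openid_mode'] == 'cancel') {
        echo 'User has canceled authentication!';
    } elseif ($openid->validate()) {
        $attrs = $openid->getAttributes();
        session_regenerate_id(true); // fresh session id once the user is authenticated
        // The validated identity is the account key; AX values are display data only.
        $_SESSION['openid_identity'] = $openid->identity;
        $_SESSION['nickname'] = ax_value($attrs, 'namePerson/friendly', 'anonymous');
        $_SESSION['email'] = ax_value($attrs, 'contact/email'); // null if not returned
        echo 'Logged in as ' . htmlspecialchars($_SESSION['nickname'], ENT_QUOTES, 'UTF-8');
    } else {
        echo 'User has not logged in.';
    }
} catch (ErrorException $e) {
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```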