READ-ONLY: This project has been archived. For more information see this post.
Provider  
Updated Jul 17, 2011 by mewp...@gmail.com

Introduction

The LightOpenIDProvider class is an OpenID Provider implementation.

It requires PHP >= 5.1.2, or PHP >= 5 with the Hash extension. If you aren't running it over HTTPS and want to support associations (not required, but recommended), you must also have the GMP or BCMath extension. GMP is faster and is used if available.

Usage

The class has to be extended in order to use it -- it offers no predefined interface.

Functions to implement

Required

checkid($realm, &$attributes)
This function should return an identifier (i.e. openid) if the user is authenticated, and false otherwise.

It should check whether the user has allowed authentication with $realm.

If the user wished to send any attributes to the site, they should be put in $attributes.

The function must not interact with the user in any way.

setup($identity, $realm, $assoc_handle, $attributes)
Handles the user interface if one is needed.

It should ask the user whether they want to log in to $realm using $identity, providing $attributes. See example-mysql.php for an example interface.

$assoc_handle must be present as openid.assoc_handle in $_GET or $_POST in every request.
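
The two required functions, sketched as an added example that is not taken from the project: checkid() only reads existing state and grants a realm on an exact match, and setup() carries openid.assoc_handle through a consent form. The provider.php file name, the server() entry point, the session keys and the https://op.example/ identity URL are assumptions not stated on this page.

```php
<?php
// Added example, not project code. Assumptions: provider.php is the class file,
// server() dispatches the request, PHP 7+ (random_bytes, hash_equals), and the
// site's own login page sets $_SESSION['op_user'] (hypothetical key).
require 'provider.php';

class ConsentProvider extends LightOpenIDProvider
{
    // Reads existing state only: prints nothing and redirects nowhere.
    function checkid($realm, &$attributes)
    {
        if (session_id() === '') {
            session_start();
        }
        if (empty($_SESSION['op_user'])) {
            return false; // not authenticated at the provider
        }
        // Record an approval posted by the setup() form, only with a valid CSRF token.
        if (isset($_POST['approve'], $_POST['csrf'], $_SESSION['op_csrf'])
            && is_string($_POST['csrf']) && hash_equals($_SESSION['op_csrf'], $_POST['csrf'])) {
            $_SESSION['op_consent'][$realm] = true;
            unset($_SESSION['op_csrf']); // one-time token
        }
        // Exact-match lookup: approving one realm never covers another.
        if (empty($_SESSION['op_consent'][$realm])) {
            return false;
        }
        // $attributes stays untouched: this sketch releases no SREG/AX data.
        return 'https://op.example/id/' . rawurlencode($_SESSION['op_user']); // hypothetical URL
    }

    // Consent prompt. Assumes checkid() already ran in this request (session started).
    function setup($identity, $realm, $assoc_handle, $attributes)
    {
        if (empty($_SESSION['op_user'])) {
            echo 'Log in at the provider first.';
            return;
        }
        $_SESSION['op_csrf'] = bin2hex(random_bytes(16));
        $fields = array('openid.assoc_handle' => $assoc_handle, 'csrf' => $_SESSION['op_csrf']);
        echo '<form method="post">';
        foreach ($fields as $name => $value) {
            echo '<input type="hidden" name="' . $name . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
        }
        echo '<p>Sign in to ' . htmlspecialchars($realm, ENT_QUOTES, 'UTF-8') . '?</p>'
           . '<button name="approve" value="1">Allow</button></form>';
    }
}
$op = new ConsentProvider;
$op->server();
```

Consent kept in the session lasts only as long as that session; a persistent allow-list would live in a database, as example-mysql.php does for identities.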

Optional

setAssoc($handle, $assoc)
getAssoc($handle)
delAssoc($handle)
Set, retrieve or delete an association. $handle is an association handle returned by assoc_handle(), and $assoc is an array.

Uses PHP Sessions by default.

assoc_handle()
Generates an association handle.

Single user

The example.php file contains a single-user implementation that you can use as a simple replacement for phpMyID. It uses HTTP authentication and doesn't support the SREG or AX extensions. To use it from another URL, just put include 'example.php'; at the top of that page's script. The script shouldn't interfere with your page until someone tries to authenticate with OpenID.

Multiple users

example-mysql.php shows how to use a MySQL database to provide identities. You can integrate the provider into your website based on that example.

select_id

If you set the $select_id flag in the provider, it will return a different XRDS document, stating that:

  1. The user will be prompted for their username (so they don't need to provide it in the identity URL).
  2. This URL does not belong to a user.

Because of 2., you can't set select_id on users' identity URLs. If you do, most clients will return an error during verification.

Also, remember to set $xrdsLocation for the identity urls, so that select_id can be disabled there too.

Comment by rtor...@asi-dev2.com, Nov 10, 2011

Can you provide a download link for the LightOpenIDProvider class?

Comment by rtor...@asi-dev2.com, Nov 30, 2011

Yes, I got it but I don't know how to implement... I mean, how to set up the server?

Comment by fred.tro...@gmail.com, Feb 5, 2012

Hi, thanks for attempting a simple and clean implementation. It's really appreciated.

I only understand the sreg vs AX stuff in my clearest moments, and I am having trouble understanding how you respond to requests for those, and how you set sreg vs AX vs both etc etc.

Also I am not sure what you mean "function must not interact with user" regarding check_id. Obviously you are still able to get into the SESSION, POST and GET b/c your examples do not work without them.

It would be much easier to sort out the mysql example if you were not using serialized data in the mysql table. That makes it really hard to sort out what is going on.

Rather than working to make the mysql system "better" how about making something both simpler and all static?

How about a server with three users, defined in code using a big php array, that has values for all of the sreg / AX data statically defined?

Then, if you could, simply print what was "required" and "optional". I am using stackoverflow.com for testing and they send me nothing at all, but I would like to send them back email, phone address, names etc etc etc

When I am doing client stuff with OpenID, all of the providers simply ignore what I request and while I think that is bad form, I understand the rationale (some providers even ask the user what to send, which is more reasonable). For the purposes of learning to use your code and testing it, it would be nice to just see how you send everything, attribute wise....

Thanks for an awesome project.
