


Getting Started with OpenID and PHP
vvaswani | 9 comments | Wednesday, June 4, 2008

Out Of Memory
Something odd happened the other day. I Webbed over to a site that I visit on an irregular basis, signed in with my username and password, and hit the submit button. After a few seconds of clicking and grinding, the machinery informed me that my password had failed verification. Puzzled, I tried a few more times but, encountering zero success, stamped my heel, uttered a few creative curses and moved on to more productive work. It was only later, after submitting to various security questions and recovering my original password, that I realized my goof-up: I'd used a password belonging to another site by mistake! If this story sounds familiar to you, that's because it's the story of today's Web: too many sites, too many usernames, and not enough cranial capacity to file them all accurately. But there's good news at hand: OpenID, a free, open-source framework for "single sign-on" across different Web sites and applications. The even better news? There already exist a bunch of PHP widgets that allow developers to easily integrate OpenID into a PHP application, and this article is going to show you how to use them. So what are you waiting for? Flip the page, and let's get going!


Digital Me
Before diving into the code, let's spend a few minutes answering a basic question: what's this OpenID thing anyway and how does it work? According to the official OpenID Web site, OpenID is "a free and easy way to use a single digital identity across the Internet". Fundamentally, an OpenID is a customized URL, chosen by you as your online identity and registered with an OpenID service provider. Whenever an external site needs to verify your identity for login purposes, you supply this URL instead of your username; the site then contacts your OpenID service provider for authentication.

What's the benefit? Simple: because your OpenID is stored with your OpenID service provider and any site can contact this provider to authenticate you, there's no need to create multiple accounts or remember multiple usernames and passwords for different sites; all you need is a single OpenID. This assumes, of course, that the external site supports the OpenID framework; adoption of this is gradually increasing, and the OpenID Web site has some interesting information about various large organizations that have begun using the framework.

Typically, there are two parties to an OpenID transaction: Consumer and Provider. A Provider is like a registrar: it allows users to create and register OpenID URLs and manage their OpenID accounts, and it also authenticates the user to Consumers on demand. A Consumer (also sometimes called a Relying Party) is an OpenID-enabled Web site. The OpenID framework is completely open-source and any Web site can become a Consumer or a Provider of OpenIDs without incurring any costs on licensing fees. As a result, there are already a large number of OpenID Providers on the Web, and a growing number of Web sites have begun allowing users to sign in to their services using an OpenID.

What happens in an OpenID transaction? Well, when a user tries logging into a Consumer site with an OpenID, the Consumer contacts the Provider to verify the user's credentials before allowing him or her access. The user may be redirected to the Provider and asked to sign in to his or her account with the Provider using a password; once this is successfully done, the Provider automatically redirects the user back to the Consumer site, which now treats the user as verified and grants him or her the necessary access. A shared key, known to both parties and protected with strong encryption, is used throughout to maintain the integrity of the transaction and avoid "spoofing".
If you're new to OpenID, the information above should be sufficient to explain the basic concepts and ensure that you can follow the material that comes next; however, if you want or need a more detailed description, I'd recommend that you take a look at the OpenID developer site and the OpenID 1.1 specification.


Assembling The Pieces
Now that you've (hopefully) understood the basics of how the OpenID framework works, let's turn to a more pressing question: where does PHP fit in? Well, there are a number of OpenID libraries written for PHP, and designed to help developers quickly add OpenID support to their Web application. This tutorial discusses two of them:

1. The PHP OpenID Library, maintained by JanRain Inc. (JanRain Inc. also operates a popular provider of OpenID identities). This is a stable implementation for both client and server ends of an OpenID connection, and it's used in most of the examples in this tutorial.

2. The Authentication::OpenID_Consumer PEAR package, proposed by Pádraic Brady. It should be noted that this package is still in proposal stage at the time of writing and should be considered alpha-state code; it's used briefly in this tutorial to illustrate an alternative implementation to the JanRain library.

In case you don't already have them, you'll also need to download and install the following PEAR packages:

The PEAR DB package
The Crypt_HMAC2 package
The Crypt_DiffieHellman package
The Services_YADIS package

You can install these packages manually, or using the PEAR installer, as below:

    shell> pear install Crypt_HMAC2

In order to try out the examples in this tutorial, you'll also need your own OpenID. Get one from http://www.myopenid.com or any other OpenID service provider (and remember that you can also use it on any OpenID-enabled Web site!). If you use the MyOpenID service, your OpenID will probably be in the form http://yourname.myopenid.com, and will be generated for you free of charge.

Once you've got all the pieces together, you're ready to go. But before you flip the page, I should make one rather important disclaimer: I'm not an expert on OpenID and this tutorial isn't intended to be an exhaustive reference to OpenID integration (specifications and client libraries change too quickly to even attempt such a lofty goal). Rather, it's intended as a general introduction for PHP developers who are new to OpenID, to give them a broad idea of how PHP/OpenID integration works and increase their comfort level with the technology. For this reason, I've kept the code listings fairly simple; remember that you can always find more complex code examples in the documentation supplied with the client libraries mentioned previously. With that caveat out of the way, let's get started!

First Steps
The first thing you'll need, if you're going to begin accepting OpenIDs on your Web site, is a sign-in form. Here's the code:

    <form method="post">
      Sign in with your OpenID: <br/>
      <input type="text" name="id" size="30" />
      <br />
      <input type="submit" name="submit" value="Log In" />
    </form>

Here's what the form looks like:

You'll notice that this sign-in form doesn't include a field for the user's password. Under the OpenID framework, all the user needs to access a Consumer site is his OpenID; authentication is handled by the OpenID Provider. When the user submits this form with his or her OpenID, the form processor needs to locate the OpenID Provider and redirect to the Provider for authentication. The PHP OpenID Library can take care of this for you. Consider the next listing, which wraps the form above in a conditional test and adds in the code that runs on form submission (I'm assuming here that your site, the Consumer site, is located at http://consumer.example.com, but feel free to change this to http://localhost for testing purposes):

    <?php
    if (!isset($_POST['submit'])) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <!-- PHP_SELF is request-derived, so it is HTML-escaped before output -->
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
          Sign in with your OpenID: <br/>
          <input type="text" name="id" size="30" />
          <br />
          <input type="submit" name="submit" value="Log In" />
        </form>
      </body>
    </html>
    <?php
    } else {
      // check for form input
      if (!isset($_POST['id']) || trim($_POST['id']) == '') {
        die("ERROR: Please enter a valid OpenID.");
      }

      // include files
      require_once "Auth/OpenID/Consumer.php";
      require_once "Auth/OpenID/FileStore.php";

      // start session (needed for YADIS)
      session_start();

      // create file storage area for OpenID data
      $store = new Auth_OpenID_FileStore('./oid_store');

      // create OpenID consumer
      $consumer = new Auth_OpenID_Consumer($store);

      // begin sign-in process
      // create an authentication request to the OpenID provider
      $auth = $consumer->begin($_POST['id']);
      if (!$auth) {
        die("ERROR: Please enter a valid OpenID.");
      }

      // redirect to OpenID provider for authentication
      $url = $auth->redirectURL('http://consumer.example.com/', 'http://consumer.example.com/oid_return.php');
      header('Location: ' . $url);
      exit();
    }
    ?>

As explained previously, authentication with OpenID is a two-step process: first, the Consumer contacts the Provider with the user's OpenID; then the Provider performs authentication and returns control to the Consumer to complete the authentication process. The script above performs the first step of this process.

Once the form is submitted and validated, a new PHP session is started and two object instances are created: Auth_OpenID_FileStore and Auth_OpenID_Consumer. The Auth_OpenID_FileStore represents a disk location that the PHP OpenID Library will use to store data relating to the current authentication attempt; the object constructor should be passed the name of the directory to use (it will attempt to create this directory if it doesn't already exist). The Auth_OpenID_Consumer object represents an OpenID Consumer, and its constructor is passed the Auth_OpenID_FileStore object generated in the previous step.

To begin the sign-in process, the script calls the Auth_OpenID_Consumer object's begin() method, passing it the user's OpenID. The return value of this method is an Auth_OpenID_AuthRequest object, which represents an authentication request. This object's redirectURL() method is then invoked with two arguments: the URL used to identify your site to the OpenID Provider, and the URL to which the OpenID Provider should return control post-authentication. The return value of redirectURL() is a URL string, which is used to redirect the user's browser to the OpenID Provider's Web site.

At this point, control transfers to the OpenID Provider, which may require the user to authenticate himself or herself using a password. Once this process is completed, the OpenID Provider redirects the user's browser back to the URL passed as second argument to the redirectURL() method: in this example, the script oid_return.php on the Consumer's domain. Typically, the OpenID Provider will also attach various bits of information to the query string as GET parameters; these are used by the Consumer to complete the authentication process. Let's now look at what the oid_return.php script does:

    <?php
    // include files
    require_once "Auth/OpenID/Consumer.php";
    require_once "Auth/OpenID/FileStore.php";

    // start session (needed for YADIS)
    session_start();

    // create file storage area for OpenID data
    $store = new Auth_OpenID_FileStore('./oid_store');

    // create OpenID consumer
    // read response from OpenID provider
    $consumer = new Auth_OpenID_Consumer($store);
    $response = $consumer->complete('http://consumer.example.com/oid_return.php');

    // set session variable depending on authentication result
    if ($response->status == Auth_OpenID_SUCCESS) {
      $_SESSION['OPENID_AUTH'] = true;
    } else {
      $_SESSION['OPENID_AUTH'] = false;
    }

    // redirect to restricted application page
    header('Location: restricted.php');
    ?>

The first half of this script is similar to what you've previously seen: it initializes the storage area and creates a new Auth_OpenID_Consumer object. It then calls the object's complete() method, passing it the URL string that the OpenID Provider redirected to. The return value of complete() is an Auth_OpenID_ConsumerResponse object, which represents the response of the OpenID Provider to the authentication request. Four response codes are possible: Auth_OpenID_SUCCESS, which indicates that authentication was successful; Auth_OpenID_FAILURE, which indicates that authentication failed; Auth_OpenID_CANCEL, which indicates that the authentication request was cancelled by the user; and Auth_OpenID_SETUP_NEEDED, which only appears if the OpenID server was asked to authenticate non-interactively but was unable to do so.

In our example above, once authentication is complete, a session variable named $_SESSION['OPENID_AUTH'] is initialized with a Boolean value indicating whether authentication was successful or not. It's now easy to use this session variable for page-level authentication, by looking for it in every restricted page of the site, and only allowing the user access if this variable is set to Boolean true. Here's a simple example of how this could be implemented in one such restricted page (restricted.php):

    <?php
    // check authentication status
    session_start();
    if (!isset($_SESSION['OPENID_AUTH']) || $_SESSION['OPENID_AUTH'] !== true) {
      die ('You are not permitted to access this page! Please log in again.');
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <h2>Restricted Page</h2>
        <p>You will only see this page if your OpenID has been successfully authenticated.</p>
      </body>
    </html>

If a user attempts to access such a restricted page without successfully authenticating his or her OpenID, $_SESSION['OPENID_AUTH'] will either not exist or be false and the user will simply see an error message. It's only after successful authentication with the OpenID Provider that $_SESSION['OPENID_AUTH'] will become true and the user will be able to view the content of the restricted page.

Keeping It Simple
When you sign up for an OpenID, chances are that you'll have been asked for optional profile information, including your name, email address, language and country of residence. The OpenID specification includes a provision for Consumers to retrieve this profile information from a Provider during the authentication process. This so-called Simple Registration extension is fully supported in the PHP OpenID Library, and the following revision of the previous example illustrates its usage:

    <?php
    if (!isset($_POST['submit'])) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <!-- PHP_SELF is request-derived, so it is HTML-escaped before output -->
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
          Sign in with your OpenID: <br/>
          <input type="text" name="id" size="30" />
          <br />
          <input type="submit" name="submit" value="Log In" />
        </form>
      </body>
    </html>
    <?php
    } else {
      // check for form input
      if (!isset($_POST['id']) || trim($_POST['id']) == '') {
        die("ERROR: Please enter a valid OpenID.");
      }

      // include files
      require_once "Auth/OpenID/Consumer.php";
      require_once "Auth/OpenID/FileStore.php";
      require_once "Auth/OpenID/SReg.php";

      // start session (needed for YADIS)
      session_start();

      // create file storage area for OpenID data
      $store = new Auth_OpenID_FileStore('./oid_store');

      // create OpenID consumer
      $consumer = new Auth_OpenID_Consumer($store);

      // begin sign-in process
      // create an authentication request to the OpenID provider
      $auth = $consumer->begin($_POST['id']);
      if (!$auth) {
        die("ERROR: Please enter a valid OpenID.");
      }

      // create request for registration data
      $sreg = Auth_OpenID_SRegRequest::build(array('email', 'fullname', 'dob', 'language'), array('nickname'));
      if (!$sreg) {
        die("ERROR: Unable to build Simple Registration request");
      }
      $auth->addExtension($sreg);

      // redirect to OpenID provider for authentication
      $url = $auth->redirectURL('http://consumer.example.com/', 'http://consumer.example.com/oid_return.php');
      header('Location: ' . $url);
      exit();
    }
    ?>

In a Simple Registration request, a Consumer can ask for any or all of 8 pieces of information: email address, full name, date of birth in YYYY-MM-DD format, gender, postcode, country of residence, language and time zone. Each of these is represented by a key: for example, 'dob' for date of birth, or 'email' for email address. To create a Simple Registration request using the PHP OpenID Library, call the Auth_OpenID_SRegRequest class' static build() method with two arrays as argument: the first array lists required keys while the second lists optional keys. In the example above, the user's full name, email address, date of birth and language are required, and the user's nickname is optional.

Assuming authentication succeeds, the profile attributes requested, if available with the OpenID Provider, are returned to the Consumer with the other query string parameters. They can then be retrieved as an associative array, by initializing an instance of the Auth_OpenID_SRegResponse class with the response packet and then calling the instance's contents() method, as illustrated below:

    <?php
    // include files
    require_once "Auth/OpenID/Consumer.php";
    require_once "Auth/OpenID/FileStore.php";
    require_once "Auth/OpenID/SReg.php";

    // start session (needed for YADIS)
    session_start();

    // create file storage area for OpenID data
    $store = new Auth_OpenID_FileStore('./oid_store');

    // create OpenID consumer
    // read response from OpenID provider
    $consumer = new Auth_OpenID_Consumer($store);
    $response = $consumer->complete('http://consumer.example.com/oid_return.php');

    // set session variable depending on authentication result
    if ($response->status == Auth_OpenID_SUCCESS) {
      $_SESSION['OPENID_AUTH'] = true;

      // get registration information
      $sreg = new Auth_OpenID_SRegResponse();
      $obj = $sreg->fromSuccessResponse($response);
      $data = $obj->contents();

      // do something with the registration information
      // ...
    } else {
      $_SESSION['OPENID_AUTH'] = false;
    }

    // redirect to restricted application page
    header('Location: restricted.php');
    ?>

It's now easy to use this profile information within the Consumer site's workflow: for example, to automatically register the user's account using his name, or to send an email to his email address. To illustrate, consider this enhancement of the previous example, which uses the email address retrieved from the OpenID Provider to check if the user already has an account on the Consumer's system. If the answer is yes, a personalized welcome message is printed with the user's email address; if not, a new user registration form is generated, with the fields pre-filled with data retrieved from the user's profile. Here's the code:

    <?php
    // include files
    require_once "Auth/OpenID/Consumer.php";
    require_once "Auth/OpenID/FileStore.php";
    require_once "Auth/OpenID/SReg.php";

    // start session (needed for YADIS)
    session_start();

    // create file storage area for OpenID data
    $store = new Auth_OpenID_FileStore('./oid_store');

    // create OpenID consumer
    // read response from OpenID provider
    $consumer = new Auth_OpenID_Consumer($store);
    $response = $consumer->complete('http://consumer.example.com/oid_return.php');

    // set session variable depending on authentication result
    if ($response->status == Auth_OpenID_SUCCESS) {
      $_SESSION['OPENID_AUTH'] = true;

      // get registration information
      $sreg = new Auth_OpenID_SRegResponse();
      $obj = $sreg->fromSuccessResponse($response);
      $data = $obj->contents();

      if (isset($data['email'])) {
        // if email address is available
        // check if the user already has an account on the system
        // open database connection
        $conn = mysql_connect('localhost', 'user', 'pass') or die('ERROR: Cannot connect to server');
        mysql_select_db('test') or die('ERROR: Could not select database');

        // execute query
        // the email value comes from the Provider, so escape it before building the SQL string
        $email = mysql_real_escape_string($data['email'], $conn);
        $result = mysql_query("SELECT DISTINCT COUNT(*) FROM users WHERE email = '" . $email . "'") or die('ERROR: Could not execute query');
        $row = mysql_fetch_array($result);
        if ($row[0] == 1) {
          // if yes, display personalized welcome message
          $newUser = false;
          echo 'Hello and welcome back, ' . htmlspecialchars($data['email'], ENT_QUOTES);
          exit();
        } else {
          // if no, assume this is a new user
          $newUser = true;
        }

        // close connection
        mysql_free_result($result);
        mysql_close($conn);
      } else {
        // if email address is not available
        // assume it's a new user
        $newUser = true;
      }
    } else {
      $_SESSION['OPENID_AUTH'] = false;
      die ('You are not permitted to access this page! Please log in again.');
    }

    // if user doesn't have an account,
    // or if email address is not available in profile info
    // assume this is a new user registration
    // display a registration form pre-filled with profile information
    // (profile values are HTML-escaped before being written into the page)
    if ($newUser == true) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <h2>Create New Account</h2>
        <form method="post" action="register.php">
          Name: <br/>
          <input type="text" name="name" value="<?php echo htmlspecialchars(isset($data['fullname']) ? $data['fullname'] : '', ENT_QUOTES); ?>" />
          <p />
          Email address: <br/>
          <input type="text" name="email" value="<?php echo htmlspecialchars(isset($data['email']) ? $data['email'] : '', ENT_QUOTES); ?>" />
          <p />
          Date of birth (YYYY-MM-DD): <br/>
          <input type="text" name="dob" value="<?php echo htmlspecialchars(isset($data['dob']) ? $data['dob'] : '', ENT_QUOTES); ?>" />
          <p />
          <input type="submit" name="submit" value="Register" />
        </form>
      </body>
    </html>
    <?php
    }
    ?>
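A hardened form of the account lookup in the listing above, as an added example that is not part of the original article: it keys the local account on the authenticated OpenID identifier rather than on the self-asserted Simple Registration email address, uses a PDO prepared statement instead of a string-built query, and validates and HTML-escapes every profile value before output. The users table layout, the function names and the in-memory SQLite database (pdo_sqlite) are assumptions made for the illustration, and the identifiers and profile arrays are constructed sample data.

```php
<?php
// Added example, not from the original article. Assumed: a `users` table keyed
// on the OpenID identifier, with in-memory SQLite standing in for the real database.

function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (openid TEXT PRIMARY KEY, email TEXT NOT NULL)');
    return $pdo;
}

// Look up the account bound to the authenticated OpenID identifier. In the
// article's oid_return.php this would be the identifier from the successful
// response; it is passed in as a plain string so the example runs without the library.
function find_account(PDO $pdo, string $openid): ?array
{
    $stmt = $pdo->prepare('SELECT openid, email FROM users WHERE openid = :openid');
    $stmt->execute([':openid' => $openid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Reduce the Simple Registration array to the three fields the form uses.
// Anything missing, oversized or malformed becomes an empty string.
function clean_profile(array $sreg): array
{
    $clean = [];
    foreach (['fullname', 'email', 'dob'] as $key) {
        $value = (isset($sreg[$key]) && is_string($sreg[$key])) ? trim($sreg[$key]) : '';
        $clean[$key] = strlen($value) > 255 ? '' : $value;
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $clean['email'] = '';
    }
    // YYYY-MM-DD, and a date that exists on the calendar
    if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $clean['dob'], $m)
        || !checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
        $clean['dob'] = '';
    }
    return $clean;
}

// HTML-escape a value for use in element content or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Welcome a known identifier, otherwise return the pre-filled registration form.
function render_after_login(PDO $pdo, string $openid, array $sreg): string
{
    $account = find_account($pdo, $openid);
    if ($account !== null) {
        return 'Hello and welcome back, ' . h($account['email']) . "\n";
    }
    $p = clean_profile($sreg);
    return '<form method="post" action="register.php">' . "\n"
        . '  <input type="text" name="name" value="' . h($p['fullname']) . '" />' . "\n"
        . '  <input type="text" name="email" value="' . h($p['email']) . '" />' . "\n"
        . '  <input type="text" name="dob" value="' . h($p['dob']) . '" />' . "\n"
        . '  <input type="submit" name="submit" value="Register" />' . "\n"
        . "</form>\n";
}

// Constructed sample data: one existing account.
$pdo = demo_db();
$pdo->prepare('INSERT INTO users (openid, email) VALUES (?, ?)')
    ->execute(['http://alice.example.org/', 'alice@example.org']);

// Known identifier: welcome message built from the stored record.
echo render_after_login($pdo, 'http://alice.example.org/', ['email' => 'alice@example.org']);

// Unknown identifier whose profile claims an existing user's email and carries
// markup: it is not matched to that account, and the form values are neutralised.
echo render_after_login($pdo, 'http://other.example.net/', [
    'fullname' => '"><b>name</b>',
    'email'    => "alice@example.org' OR '1'='1",
    'dob'      => '1990-02-30',
]);
```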

Here's what a user with an account on the system would see after signing in with an OpenID:

And here's what a new user would see after signing in with an OpenID:

A Question Of Storage
The previous examples have all used PHP OpenID Library's file storage class for local storage of OpenID data. If this is not to your taste, you can also store OpenID data in a MySQL, PostgreSQL or SQLite database, by replacing the Auth_OpenID_FileStore object with Auth_OpenID_MySQLStore, Auth_OpenID_PostgreSQLStore or Auth_OpenID_SQLiteStore objects respectively. The following example illustrates, using a MySQL database for storage:

    <?php
    if (!isset($_POST['submit'])) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <!-- PHP_SELF is request-derived, so it is HTML-escaped before output -->
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
          Sign in with your OpenID: <br/>
          <input type="text" name="id" size="30" />
          <br />
          <input type="submit" name="submit" value="Log In" />
        </form>
      </body>
    </html>
    <?php
    } else {
      // check for form input
      if (!isset($_POST['id']) || trim($_POST['id']) == '') {
        die("ERROR: Please enter a valid OpenID.");
      }

      // include files
      require_once "Auth/OpenID/Consumer.php";
      require_once "Auth/OpenID/MySQLStore.php";
      require_once 'DB.php';

      // start session (needed for YADIS)
      session_start();

      // create PEAR DB DSN for MySQL
      $dsn = 'mysql://user:pass@localhost/openid';
      $options = array(
        'debug' => 2,
        'portability' => DB_PORTABILITY_ALL,
      );

      // open connection
      $db = DB::connect($dsn, $options);
      if (PEAR::isError($db)) {
        die($db->getMessage());
      }

      // create MySQL database storage area for OpenID data
      $store = new Auth_OpenID_MySQLStore($db);
      $store->createTables();

      // create OpenID consumer
      $consumer = new Auth_OpenID_Consumer($store);

      // begin sign-in process
      // create an authentication request to the OpenID provider
      $auth = $consumer->begin($_POST['id']);
      if (!$auth) {
        die("ERROR: Please enter a valid OpenID.");
      }

      // redirect to OpenID provider for authentication
      $url = $auth->redirectURL('http://consumer.example.com/', 'http://consumer.example.com/oid_return.php');
      header('Location: ' . $url);
      exit();
    }
    ?>

To use a MySQL database for storage, initialize an Auth_OpenID_MySQLStore object and pass the object constructor a PEAR DB connection handle to the database. Calling the object's createTables() method takes care of initializing the necessary database tables, and the remainder of the script proceeds as before. When processing the data returned by the OpenID Provider in the return script oid_return.php, remember to again use Auth_OpenID_MySQLStore instead of Auth_OpenID_FileStore.

Incidentally, if you wish to use a custom database abstraction library instead of PEAR DB, you can do this by subclassing the Auth_OpenID_DatabaseConnection class and using it with your custom abstraction toolkit. Similarly, if you'd prefer to use a storage mechanism other than files or SQL databases, you can use the Auth_OpenID_OpenIDStore class as the basis for your custom store. For more information on this, look in the documentation for the JanRain PHP OpenID Library.

An Alternative Approach
An alternative OpenID Consumer implementation is that provided by the Authentication::OpenID_Consumer PEAR package, currently in proposal status. At the time of writing, this is alpha-quality code, but it's interesting to see it in action nevertheless (note that you might need to set PHP's error reporting level to ignore warnings and notices thrown by the package; this should be fixed in the final release). Consider the next listing, which is equivalent to the first example in this tutorial:

    <?php
    error_reporting(E_ERROR);
    if (!isset($_POST['submit'])) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <!-- PHP_SELF is request-derived, so it is HTML-escaped before output -->
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
          Sign in with your OpenID: <br/>
          <input type="text" name="id" size="30" />
          <br />
          <input type="submit" name="submit" value="Log In" />
        </form>
      </body>
    </html>
    <?php
    } else {
      // check for form input
      if (!isset($_POST['id']) || trim($_POST['id']) == '') {
        die("ERROR: Please enter a valid OpenID.");
      }

      // include files
      require_once 'OpenID/Consumer.php';
      require_once 'OpenID/Store/File.php';

      // start session
      session_start();

      // create store
      $store = new OpenID_Store_File('./oid_store');

      // create consumer
      $consumer = new OpenID_Consumer($store);

      // begin sign-in process
      // create an authentication request to the OpenID provider
      $auth = $consumer->start($_POST['id']);
      if (!$auth) {
        die("ERROR: Please enter a valid OpenID.");
      }

      // redirect to OpenID provider for authentication
      $auth->redirect('http://consumer.example.com/oid_return.php', 'http://consumer.example.com/');
    }
    ?>

Apart from the differences in notation, this is remarkably similar to what you saw in previous examples: the script creates a file store, initializes a Consumer object with the store, and then calls the Consumer object's start() method with the user-supplied OpenID to begin the authentication process with the OpenID Provider. The resulting Authorisation object's redirect() method, which accepts both the return URL and the site identifier, then takes care of redirecting the user's browser to the OpenID Provider's Web site. Once the user completes authentication, the OpenID Provider returns control to the Consumer script oid_return.php:

    <?php
    error_reporting(E_ERROR);

    // include files
    require_once 'OpenID/Consumer.php';
    require_once 'OpenID/Store/File.php';

    // start session
    session_start();

    // create store
    $store = new OpenID_Store_File('./oid_store');

    // create consumer
    $consumer = new OpenID_Consumer($store);

    // set session variable depending on authentication result
    if (isset($_GET)) {
      $response = $consumer->finish($_GET);
      $result = $response->getResult();
      if ($result == 'success') {
        $_SESSION['OPENID_AUTH'] = true;
      } else {
        $_SESSION['OPENID_AUTH'] = false;
      }
    }

    // redirect to restricted application page
    header('Location: restricted.php');
    ?>

Here, the Consumer object's finish() method is used to complete the authentication process. The result of the finish() method is a Response object, representing the response sent by the OpenID Provider to the Consumer's authentication request. This object's getResult() method can be used to test the result of the authentication process, and take appropriate action depending on whether the result is successful or not.

Service With A Smile
Now that you've seen two different implementations of an OpenID Consumer, let's turn our attention to the Provider end of the connection. In most cases, you can get away without coding your own OpenID Provider, especially if your needs are simple. There are a number of open-source packages that allow you to set up and manage an OpenID server "out of the box"; here's a quick list:

phpMyID
SimpleID
Clamshell

However, it should be noted that the JanRain PHP OpenID Library discussed earlier in this article also includes a full-fledged OpenID Provider implementation, which you can use to custom-code your own OpenID server. An example server is included in the package archive to get you started.

And that's about it for this article. Over the last few pages, I gave you a crash course in OpenID, explaining what it was and how it worked. I then coerced you into installing some PHP-based OpenID libraries, and showed you how you could use them to add OpenID support to your Web application. I also explained the Simple Registration extension to OpenID, showing you how it could be used to retrieve a user's profile from an OpenID Provider and inject that data into your Web application. Finally, I demonstrated an alternative, PEAR-based implementation for OpenID Consumers, and pointed you to some easy-to-install-and-use scripts for setting up your own OpenID server.

If you're interested in learning more about PHP and OpenID, also consider the following resources:

An OpenID and PHP primer
The OpenID developer site
Plaxo's guide for OpenID-Enabling a Web site
OpenID for Non-Superusers
OpenID implementations for other programming languages

Have fun, and happy coding!

Copyright Melonfire, 2007. All rights reserved.

Comments

Wednesday, June 4, 2008
WHAT ABOUT THE ZEND FRAMEWORK OPENID IMPLEMENTATION?
2:46PM GMT · erangalp
Seems odd an article on OpenID here doesn't even mention it. You should check it out.

ZEND_OPENID
3:16PM GMT · Cal Evans (editor)
Hi erangalp! No, it's not really odd at all. DevZone accepts articles from PHP developers world wide, many of whom don't work with Zend Framework. This article was not written from a Zend Framework perspective. (Although I would love to have an article about implementing OpenId in a Zend Framework project…wanna write it?) :)

But you are correct that Zend Framework does have an OpenId implementation, here is the link to it. Zend_OpenId Thanks for the comment. =C=

2008 HOW SECURE IS IT?
3:17PM GMT · Alihan ÇEtin [unregistered]
OpenID is great world wide application for websites. And thank you for this article. But there is a question: How secure is it? I think it can't be used in very secure sites. There is always a chance to get the password. And a handicap: when you'll get the password, you'll own all accounts for the user in internet. And it's easy to know someone's openID because it's public.

2008 ADOPTION RATE FOR OPENID
12:56PM GMT · farrelley
The adoption rate for OpenId is very slow. When I first came out I thought it would be awesome but many sites are reluctant to move to an OpenID strategy. Don't get me wrong there are many popular sites that are using it! I just don't know if it's worth spending time to get it up and running. Right now OpenID doesn't carry that mentality that says "Oh yeah, I'll comment because I can use my OpenID." It's not stopping people from doing things yet. What's everyone else think?

2008 ADOPTION AND SECURITY
6:24AM GMT · vvaswani
Alihan: Thanks for the comment. I think security is something that would need to be enforced by your application, and you would probably also need to trust that the OpenID provider has the necessary security systems in place. Take your analogy a bit further: if we take Yahoo as an example, Yahoo usernames are equally public (every time you send an email from Yahoo, the recipient knows your Yahoo username). However in general (most) users trust Yahoo with their data and assume that Yahoo is holding their passwords securely. You would need to extend the same level of trust to whoever holds your OpenID.

farrelley: I take your point, but my own take on this is that OpenID is still fairly new and not many casual Web users even know that it exists. The big OpenID supporters probably also need to do a little more in terms of educating users about the benefits of OpenID (single user name being the key benefit). Keep the faith: adoption has been increasing gradually and will continue to do so until it reaches a tipping point, IMO.

2009 OPENID
11:19AM GMT · raghuirukulla
Though the concept of OpenID is good not many users know the full potential of this service. This article has clearly mentioned the benefits and resources to get an OpenID. There are hundreds and thousands of services which accept openID for login and shorten the process of registration. http://www.ekoob.

2009 WHICH LIBRARY DO THE EXAMPLES USE?
5:30PM GMT · pkiula
Sorry, you mention JanRain and that experimental PEAR class. Which ones is this? Your examples have this line: require('Auth/...'). Isn't that a PEAR thing, and if so, is that NOT the JanRain library? Your entire tutorial in the beginning is based on this Auth thing. If it is JanRain's library, then I don't see their stuff "included" in the code before? Where is the "Auth" file located. How to get it to work?

2009 $RESPONSE OBJECT IS VOID
2:30PM GMT · bubastix0
Hey, great article! I was trying to implement it, but when I evaluate the line: if ($response->status == Auth_OpenID_SUCCESS) the object seems to be null, maybe it's a change on some of the packages. You think that I could validate the user using another method? Many Thanks!

2009 GETTING A ERROR "SERVER DENIED CHECK_AUTHENTICATION"
7:08AM GMT · tatva13
I am using openid 2.0. I made simple application in php using code given by u. I include all openid libs, but when I try to login with my any openid, I get response "failure" with a message "Server denied check_authentication" in oid_return.php. Thanks for help in advance.