Getting Started with OpenID and PHP
vvaswani | 9 comments | Wednesday, June 4, 2008

Out Of Memory
Something odd happened the other day. I Webbed over to a site that I visit on an irregular basis, signed in with my username and password, and hit the submit button. After a few seconds of clicking and grinding, the machinery informed me that my password had failed verification. Puzzled, I tried a few more times but, encountering zero success, stamped my heel, uttered a few creative curses and moved on to more productive work. It was only later, after submitting to various security questions and recovering my original password, that I realized my goof-up: I'd used a password belonging to another site by mistake! If this story sounds familiar to you, that's because it's the story of today's Web: too many sites, too many usernames, and not enough cranial capacity to file them all accurately. But there's good news at hand: OpenID, a free, open-source framework for "single sign-on" across different Web sites and applications. The even better news? There already exist a bunch of PHP widgets that allow developers to easily integrate OpenID into a PHP application, and this article is going to show you how to use them. So what are you waiting for? Flip the page, and let's get going!


Digital Me
Before diving into the code, let's spend a few minutes answering a basic question: what's this OpenID thing anyway and how does it work? According to the official OpenID Web site, OpenID is "a free and easy way to use a single digital identity across the Internet". Fundamentally, an OpenID is a customized URL, chosen by you as your online identity and registered with an OpenID service provider. Whenever an external site needs to verify your identity for login purposes, you supply this URL instead of your username; the site then contacts your OpenID service provider for authentication.

What's the benefit? Simple: because your OpenID is stored with your OpenID service provider and any site can contact this provider to authenticate you, there's no need to create multiple accounts or remember multiple usernames and passwords for different sites; all you need is a single OpenID. This assumes, of course, that the external site supports the OpenID framework; adoption of this is gradually increasing, and the OpenID Web site has some interesting information about various large organizations that have begun using the framework.

Typically, there are two parties to an OpenID transaction: Consumer and Provider. A Provider is like a registrar: it allows users to create and register OpenID URLs and manage their OpenID accounts, and it also authenticates the user to Consumers on demand. A Consumer (also sometimes called a Relying Party) is an OpenID-enabled Web site. The OpenID framework is completely open-source and any Web site can become a Consumer or a Provider of OpenIDs without incurring any costs on licensing fees. As a result, there are already a large number of OpenID Providers on the Web, and a growing number of Web sites have begun allowing users to sign in to their services using an OpenID.

What happens in an OpenID transaction? Well, when a user tries logging into a Consumer site with an OpenID, the Consumer contacts the Provider to verify the user's credentials before allowing him or her access. The user may be redirected to the Provider and asked to sign in to his or her account with the Provider using a password; once this is successfully done, the Provider automatically redirects the user back to the Consumer site, which now treats the user as verified and grants him or her the necessary access. A shared key, known to both parties and protected with strong encryption, is used throughout to maintain the integrity of the transaction and avoid "spoofing".

If you're new to OpenID, the information above should be sufficient to explain the basic concepts and ensure that you can follow the material that comes next; however, if you want/need a more detailed description, I'd recommend that you take a look at the OpenID developer site, at and the OpenID 1.1 specification.
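
The shared key mentioned above is what lets a Consumer detect a forged or altered response. The following added example (not from the original article or from either library) shows the check defined by the OpenID 1.1 specification: the Provider signs the fields listed in openid.signed with HMAC-SHA1 under the association secret, and the Consumer recomputes that value. The function names, the association handle and the secret are constructed for illustration.

```php
<?php
// Added example: checking the signature on an OpenID 1.1 "id_res" response
// against a stored association secret. Every value below is constructed.
// Note: PHP rewrites "openid.mode" in the query string to $_GET['openid_mode'];
// the arrays here use the protocol's dotted names.

/** Serialize the fields named in openid.signed as "name:value\n" lines, in list order. */
function openid_token_contents(array $params, string $signedList): ?string
{
    $out = '';
    foreach (explode(',', $signedList) as $name) {
        $key = 'openid.' . $name;
        if (!isset($params[$key]) || !is_string($params[$key])) {
            return null; // the response names a field it does not carry
        }
        $out .= $name . ':' . $params[$key] . "\n";
    }
    return $out;
}

/** base64(HMAC-SHA1(secret, token_contents)): the value carried in openid.sig. */
function openid_signature(array $params, string $signedList, string $secret): ?string
{
    $contents = openid_token_contents($params, $signedList);
    if ($contents === null) {
        return null;
    }
    return base64_encode(hash_hmac('sha1', $contents, $secret, true));
}

/** $associations maps assoc_handle => raw secret, as a Consumer's store would hold it. */
function openid_response_is_authentic(array $params, array $associations): bool
{
    foreach (['openid.mode', 'openid.assoc_handle', 'openid.signed', 'openid.sig'] as $k) {
        if (!isset($params[$k]) || !is_string($params[$k])) {
            return false;
        }
    }
    if ($params['openid.mode'] !== 'id_res') {
        return false;
    }
    $handle = $params['openid.assoc_handle'];
    if (!isset($associations[$handle])) {
        return false; // no shared secret for this handle: cannot verify locally
    }
    // The fields the login decision rests on must be covered by the signature.
    $signed = explode(',', $params['openid.signed']);
    if (array_diff(['identity', 'return_to'], $signed)) {
        return false;
    }
    $expected = openid_signature($params, $params['openid.signed'], $associations[$handle]);
    // hash_equals() compares in constant time.
    return $expected !== null && hash_equals($expected, $params['openid.sig']);
}

/** Run the check over three constructed responses. */
function openid_signature_demo(): array
{
    $secret = str_repeat("\x0b", 20);               // constructed 20-byte secret
    $associations = ['constructed-handle-1' => $secret];

    $genuine = [
        'openid.mode'         => 'id_res',
        'openid.identity'     => 'http://yourname.myopenid.com/',
        'openid.return_to'    => 'http://consumer.example.com/oid_return.php',
        'openid.assoc_handle' => 'constructed-handle-1',
        'openid.signed'       => 'mode,identity,return_to',
    ];
    $genuine['openid.sig'] = openid_signature($genuine, $genuine['openid.signed'], $secret);

    // Identity changed after signing: the recomputed HMAC no longer matches.
    $altered = $genuine;
    $altered['openid.identity'] = 'http://someone-else.example.org/';

    // Correctly signed, but the identity is not among the signed fields.
    $uncovered = $genuine;
    $uncovered['openid.signed'] = 'mode,return_to';
    $uncovered['openid.sig'] = openid_signature($uncovered, 'mode,return_to', $secret);

    return [
        'genuine'            => openid_response_is_authentic($genuine, $associations),   // true
        'altered_identity'   => openid_response_is_authentic($altered, $associations),   // false
        'identity_uncovered' => openid_response_is_authentic($uncovered, $associations), // false
    ];
}

if (PHP_SAPI === 'cli') {
    var_export(openid_signature_demo());
}
```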


Assembling The Pieces
Now that you've (hopefully) understood the basics of how the OpenID framework works, let's turn to a more pressing question: where does PHP fit in? Well, there are a number of OpenID libraries written for PHP, and designed to help developers quickly add OpenID support to their Web application. This tutorial discusses two of them:

1. The PHP OpenID Library, maintained by JanRain Inc. (JanRain Inc. also operates, a popular provider of OpenID identities). This is a stable implementation for both client and server ends of an OpenID connection, and it's used in most of the examples in this tutorial.

2. The Authentication::OpenID_Consumer PEAR package, proposed by Pádraic Brady. It should be noted that this package is still in proposal stage at the time of writing and should be considered alpha-state code; it's used briefly in this tutorial to illustrate an alternative implementation to the JanRain library.

In case you don't already have them, you'll also need to download and install the following PEAR packages:

    The PEAR DB package
    The Crypt_HMAC2 package
    The Crypt_DiffieHellman package
    The Services_YADIS package

You can install these packages manually, or using the PEAR installer, as below:

    shell> pear install Crypt_HMAC2

In order to try out the examples in this tutorial, you'll also need your own OpenID. Get one from http://www.myopenid.com/ or any other OpenID service provider (and remember that you can also use it on any OpenID-enabled Web site!). If you use the MyOpenID service, your OpenID will probably be in the form http://yourname.myopenid.com, and will be generated for you free of charge.

Once you've got all the pieces together, you're ready to go. But before you flip the page, I should make one rather important disclaimer: I'm not an expert on OpenID and this tutorial isn't intended to be an exhaustive reference to OpenID integration (specifications and client libraries change too quickly to even attempt such a lofty goal). Rather, it's intended as a general introduction for PHP developers who are new to OpenID, to give them a broad idea of how PHP/OpenID integration works and increase their comfort level with the technology. For this reason, I've kept the code listings fairly simple; remember that you can always find more complex code examples in the documentation supplied with the client libraries mentioned previously. With that caveat out of the way, let's get started!

First Steps
The first thing you'll need, if you're going to begin accepting OpenIDs on your Web site, is a sign-in form. Here's the code:

    <form method="post">
      Sign in with your OpenID: <br/>
      <input type="text" name="id" size="30" />
      <br />
      <input type="submit" name="submit" value="Log In" />
    </form>

Here's what the form looks like:

[Image: the sign-in form]

You'll notice that this sign-in form doesn't include a field for the user's password. This is because, under the OpenID framework, all the user needs to access a Consumer site is his OpenID; authentication is handled by the OpenID Provider. When the user submits this form with his or her OpenID, the form processor needs to locate the OpenID Provider and redirect to the Provider for authentication. The PHP OpenID Library can take care of this for you. To illustrate, consider the next listing, which wraps the form above in a conditional test and adds in the code that runs on form submission (I'm assuming here that your site - the Consumer site - is located at http://consumer.example.com, but feel free to change this to http://localhost for testing purposes):

    <?php
    if (!isset($_POST['submit'])) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <!-- PHP_SELF is derived from the request URL, so escape it before output -->
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
          Sign in with your OpenID: <br/>
          <input type="text" name="id" size="30" />
          <br />
          <input type="submit" name="submit" value="Log In" />
        </form>
      </body>
    </html>
    <?php
    } else {
      // check for form input
      // (trim the value first, then compare it with the empty string)
      if (trim($_POST['id']) == '') {
        die("ERROR: Please enter a valid OpenID.");
      }

      // include files
      require_once "Auth/OpenID/Consumer.php";
      require_once "Auth/OpenID/FileStore.php";

      // start session (needed for YADIS)
      session_start();

      // create file storage area for OpenID data
      // (the store holds the keys shared with Providers; in production,
      // use a directory that is not served by the Web server)
      $store = new Auth_OpenID_FileStore('./oid_store');

      // create OpenID consumer
      $consumer = new Auth_OpenID_Consumer($store);

      // begin sign-in process
      // create an authentication request to the OpenID provider
      $auth = $consumer->begin($_POST['id']);
      if (!$auth) {
        die("ERROR: Please enter a valid OpenID.");
      }

      // redirect to OpenID provider for authentication
      $url = $auth->redirectURL('http://consumer.example.com/', 'http://consumer.example.com/oid_return.php');
      header('Location: ' . $url);
    }
    ?>

As explained previously, authentication with OpenID is a two-step process: first, the Consumer contacts the Provider with the user's OpenID and then, the Provider performs authentication and returns control to the Consumer to complete the authentication process. The script above performs the first step of this process.

Once the form is submitted and validated, a new PHP session is started and two object instances are created: Auth_OpenID_FileStore and Auth_OpenID_Consumer. The Auth_OpenID_FileStore represents a disk location that the PHP OpenID Library will use to store data relating to the current authentication attempt; the object constructor should be passed the name of the directory to use (it will attempt to create this directory if it doesn't already exist). The Auth_OpenID_Consumer object represents an OpenID Consumer, and its constructor is passed the Auth_OpenID_FileStore object generated in the previous step.

To begin the sign-in process, the script calls the Auth_OpenID_Consumer object's begin() method, passing it the user's OpenID. The return value of this method is an Auth_OpenID_AuthRequest object, which represents an authentication request. This object's redirectURL() method is then invoked with two arguments: the URL used to identify your site to the OpenID Provider, and the URL to which the OpenID Provider should return control post-authentication. The return value of redirectURL() is a URL, which is used to redirect the user's browser to the OpenID Provider's Web site.

At this point, control transfers to the OpenID Provider, which may require the user to authenticate himself or herself using a password. Once this process is completed, the OpenID Provider redirects the user's browser back to the URL passed as second argument to the redirectURL() method - in this example, the script oid_return.php on the Consumer's domain. Typically, the OpenID Provider will also attach various bits of information to the query string as GET parameters; these are used by the Consumer to complete the authentication process. Let's now look at what the oid_return.php script does:

    <?php
    // include files
    require_once "Auth/OpenID/Consumer.php";
    require_once "Auth/OpenID/FileStore.php";

    // start session (needed for YADIS)
    session_start();

    // create file storage area for OpenID data
    $store = new Auth_OpenID_FileStore('./oid_store');

    // create OpenID consumer
    // read response from OpenID provider
    $consumer = new Auth_OpenID_Consumer($store);
    $response = $consumer->complete('http://consumer.example.com/oid_return.php');

    // set session variable depending on authentication result
    if ($response->status == Auth_OpenID_SUCCESS) {
      $_SESSION['OPENID_AUTH'] = true;
    } else {
      $_SESSION['OPENID_AUTH'] = false;
    }

    // redirect to restricted application page
    header('Location: restricted.php');
    ?>

The first half of this script is similar to what you've previously seen: it initializes the storage area and creates a new Auth_OpenID_Consumer object. It then calls the object's complete() method, passing it the URL string that the OpenID Provider redirected to; the return value of complete() is an Auth_OpenID_ConsumerResponse object, which represents the response of the OpenID Provider to the authentication request. Four response codes are possible:

    Auth_OpenID_SUCCESS, which indicates that authentication was successful;
    Auth_OpenID_FAILURE, which indicates that authentication failed;
    Auth_OpenID_CANCEL, which indicates that the authentication request was cancelled by the user; and
    Auth_OpenID_SETUP_NEEDED, which only appears if the OpenID server was asked to authenticate non-interactively but was unable to do so.

In our example above, once authentication is complete, a session variable named $_SESSION['OPENID_AUTH'] is initialized with a Boolean value indicating whether authentication was successful or not. It's now easy to use this session variable for page-level authentication, by looking for it in every restricted page of the site, and only allowing the user access if this variable is set to Boolean true. Here's a simple example of how this could be implemented in one such restricted page (restricted.php):

    <?php
    // check authentication status
    session_start();
    if (!isset($_SESSION['OPENID_AUTH']) || $_SESSION['OPENID_AUTH'] !== true) {
      die ('You are not permitted to access this page! Please log in again.');
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <h2>Restricted Page</h2>
        <p>You will only see this page if your OpenID has been successfully authenticated.</p>
      </body>
    </html>

If a user attempts to access such a restricted page without successfully authenticating his or her OpenID, $_SESSION['OPENID_AUTH'] will either not exist or be false and the user will simply see an error message. It's only after successful authentication with the OpenID Provider that $_SESSION['OPENID_AUTH'] will become true and the user will be able to view the content of the restricted page.

Keeping It Simple
When you sign up for an OpenID, chances are that you'll have been asked for optional profile information, including your name, email address, language and country of residence. The OpenID specification includes a provision for Consumers to retrieve this profile information from a Provider during the authentication process. This so-called Simple Registration extension is fully supported in the PHP OpenID Library, and the following revision of the previous example illustrates its usage:

    <?php
    if (!isset($_POST['submit'])) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <!-- PHP_SELF is derived from the request URL, so escape it before output -->
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
          Sign in with your OpenID: <br/>
          <input type="text" name="id" size="30" />
          <br />
          <input type="submit" name="submit" value="Log In" />
        </form>
      </body>
    </html>
    <?php
    } else {
      // check for form input
      if (trim($_POST['id']) == '') {
        die("ERROR: Please enter a valid OpenID.");
      }

      // include files
      require_once "Auth/OpenID/Consumer.php";
      require_once "Auth/OpenID/FileStore.php";
      require_once "Auth/OpenID/SReg.php";

      // start session (needed for YADIS)
      session_start();

      // create file storage area for OpenID data
      $store = new Auth_OpenID_FileStore('./oid_store');

      // create OpenID consumer
      $consumer = new Auth_OpenID_Consumer($store);

      // begin sign-in process
      // create an authentication request to the OpenID provider
      $auth = $consumer->begin($_POST['id']);
      if (!$auth) {
        die("ERROR: Please enter a valid OpenID.");
      }

      // create request for registration data
      // (first array: required keys; second array: optional keys)
      $sreg = Auth_OpenID_SRegRequest::build(array('email', 'fullname', 'dob', 'language'), array('nickname'));
      if (!$sreg) {
        die("ERROR: Unable to build Simple Registration request");
      }
      $auth->addExtension($sreg);

      // redirect to OpenID provider for authentication
      $url = $auth->redirectURL('http://consumer.example.com/', 'http://consumer.example.com/oid_return.php');
      header('Location: ' . $url);
    }
    ?>

In a Simple Registration request, a Consumer can ask for any or all of 8 pieces of information: nickname, email address, full name, date of birth in YYYY-MM-DD format, gender, postcode, country of residence, language and time zone. Each of these is represented by a key: for example, 'dob' for date of birth, or 'email' for email address.

To create a Simple Registration request using the PHP OpenID Library, call the Auth_OpenID_SRegRequest class' static build() method with two arrays as argument: the first array lists required keys while the second lists optional keys. In the example above, the user's full name, email address, date of birth and language are required, and the user's nickname is optional.

Assuming authentication succeeds, the profile attributes requested, if available with the OpenID Provider, are returned to the Consumer with the other query string parameters. They can then be retrieved as an associative array, by initializing an instance of the Auth_OpenID_SRegResponse class with the response packet and then calling the instance's contents() method, as illustrated below:

    <?php
    // include files
    require_once "Auth/OpenID/Consumer.php";
    require_once "Auth/OpenID/FileStore.php";
    require_once "Auth/OpenID/SReg.php";

    // start session (needed for YADIS)
    session_start();

    // create file storage area for OpenID data
    $store = new Auth_OpenID_FileStore('./oid_store');

    // create OpenID consumer
    // read response from OpenID provider
    $consumer = new Auth_OpenID_Consumer($store);
    $response = $consumer->complete('http://consumer.example.com/oid_return.php');

    // set session variable depending on authentication result
    if ($response->status == Auth_OpenID_SUCCESS) {
      $_SESSION['OPENID_AUTH'] = true;

      // get registration information
      // (only a successful response carries profile data)
      $sreg = new Auth_OpenID_SRegResponse();
      $obj = $sreg->fromSuccessResponse($response);
      $data = $obj->contents();

      // do something with the registration information
      // ...
    } else {
      $_SESSION['OPENID_AUTH'] = false;
    }

    // redirect to restricted application page
    header('Location: restricted.php');
    ?>

It's now easy to use this profile information within the Consumer site's workflow - for example, to automatically register the user's account using his name, or to send an email to his email address. To illustrate, consider this enhancement of the previous script, which uses the email address retrieved from the OpenID Provider to check if the user already has an account on the Consumer's system. If the answer is yes, a personalized welcome message is printed with the user's email address; if not, a new user registration form is generated, with the fields pre-filled with data retrieved from the user's profile. Here's the code:

    <?php
    // include files
    require_once "Auth/OpenID/Consumer.php";
    require_once "Auth/OpenID/FileStore.php";
    require_once "Auth/OpenID/SReg.php";

    // start session (needed for YADIS)
    session_start();

    // create file storage area for OpenID data
    $store = new Auth_OpenID_FileStore('./oid_store');

    // create OpenID consumer
    // read response from OpenID provider
    $consumer = new Auth_OpenID_Consumer($store);
    $response = $consumer->complete('http://consumer.example.com/oid_return.php');

    // set session variable depending on authentication result
    if ($response->status == Auth_OpenID_SUCCESS) {
      $_SESSION['OPENID_AUTH'] = true;

      // get registration information
      // (these values are supplied by the Provider: treat them as untrusted input)
      $sreg = new Auth_OpenID_SRegResponse();
      $obj = $sreg->fromSuccessResponse($response);
      $data = $obj->contents();

      if (isset($data['email'])) {
        // if email address is available
        // check if the user already has an account on the system
        // open database connection
        $conn = mysql_connect('localhost', 'user', 'pass') or die('ERROR: Cannot connect to server');
        mysql_select_db('test') or die('ERROR: Could not select database');

        // execute query
        // (escape the Provider-supplied value before placing it in the SQL string)
        $result = mysql_query("SELECT DISTINCT COUNT(*) FROM users WHERE email = '" . mysql_real_escape_string($data['email'], $conn) . "'") or die('ERROR: Could not execute query');
        $row = mysql_fetch_array($result);
        if ($row[0] == 1) {
          // if yes, display personalized welcome message
          $newUser = false;
          echo 'Hello and welcome, ' . htmlspecialchars($data['email'], ENT_QUOTES);
          exit();
        } else {
          // if no, assume this is a new user
          $newUser = true;
        }

        // close connection
        mysql_free_result($result);
        mysql_close($conn);
      } else {
        // if email address is not available
        // assume it's a new user
        $newUser = true;
      }
    } else {
      $_SESSION['OPENID_AUTH'] = false;
      die ('You are not permitted to access this page! Please log in again.');
    }

    // if user doesn't have an account,
    // or if email address is not available in profile info
    // assume this is a new user registration
    // display a registration form pre-filled with profile information
    // (profile values are escaped before being written into the page)
    if ($newUser == true) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <h2>Create New Account</h2>
        <form method="post" action="register.php">
          Name: <br/>
          <input type="text" name="name" value="<?php echo htmlspecialchars(@$data['fullname'], ENT_QUOTES); ?>" />
          <p />
          Email address: <br/>
          <input type="text" name="email" value="<?php echo htmlspecialchars(@$data['email'], ENT_QUOTES); ?>" />
          <p />
          Date of birth (YYYY-MM-DD): <br/>
          <input type="text" name="dob" value="<?php echo htmlspecialchars(@$data['dob'], ENT_QUOTES); ?>" />
          <p />
          <input type="submit" name="submit" value="Register" />
        </form>
      </body>
    </html>
    <?php
    }
    ?>
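
Simple Registration values are asserted by whichever Provider the user names, so a Consumer should handle them like any other request input before they reach a query or a page. The following is an added example, not code from the article or the PHP OpenID Library: it validates the three fields used in the registration form, looks the account up with a bound parameter, and escapes values for HTML attributes. The function names, the users table and the sample values are constructed, and an in-memory SQLite database (PDO with the pdo_sqlite driver) stands in for MySQL so the block runs on its own. It does not settle whether a Provider-asserted email address should be enough to match an existing account.

```php
<?php
// Added example: treating SReg profile data as untrusted input.
// All sample values are constructed.

/** Keep only well-formed values for the SReg keys used in the registration form. */
function sreg_clean(array $data): array
{
    $clean = [];
    if (isset($data['email']) && is_string($data['email'])) {
        $email = filter_var(trim($data['email']), FILTER_VALIDATE_EMAIL);
        if ($email !== false && strlen($email) <= 254) {
            $clean['email'] = $email;
        }
    }
    if (isset($data['fullname']) && is_string($data['fullname'])) {
        // Drop ASCII control bytes; reject empty or oversized names.
        $name = trim(preg_replace('/[\x00-\x1F\x7F]/', '', $data['fullname']));
        if ($name !== '' && strlen($name) <= 200) {
            $clean['fullname'] = $name;
        }
    }
    if (isset($data['dob']) && is_string($data['dob'])
        && preg_match('/^(\d{4})-(\d{2})-(\d{2})\z/', $data['dob'], $m)
        && checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
        $clean['dob'] = $data['dob'];
    }
    return $clean;
}

/** Account lookup with a bound parameter: the value never becomes SQL text. */
function account_exists(PDO $db, string $email): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return (int) $stmt->fetchColumn() > 0;
}

/** Escape a value for use inside a quoted HTML attribute or element body. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/** Run two constructed SReg payloads through the pipeline. */
function sreg_demo(): array
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (email TEXT PRIMARY KEY)');
    $db->prepare('INSERT INTO users (email) VALUES (?)')
       ->execute(["o'brien@example.com"]);

    $samples = [
        // A valid address may contain a quote, so validation alone
        // is no substitute for the bound parameter.
        'returning' => [
            'email'    => "o'brien@example.com",
            'fullname' => "Pat O'Brien",
            'dob'      => '1980-02-29',
        ],
        // Malformed email and date are dropped; the name is kept but escaped.
        'hostile' => [
            'email'    => "x' OR '1'='1",
            'fullname' => '"><script>alert(1)</script>',
            'dob'      => '1980-02-31',
        ],
    ];

    $out = [];
    foreach ($samples as $label => $raw) {
        $clean = sreg_clean($raw);
        $out[$label] = [
            'kept'      => array_keys($clean),
            'known'     => isset($clean['email']) && account_exists($db, $clean['email']),
            'name_attr' => h($clean['fullname'] ?? ''),
        ];
    }
    return $out;
}

if (PHP_SAPI === 'cli') {
    var_export(sreg_demo());
}
```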

[Image: what a user with an account on the system would see after signing in with an OpenID]

[Image: what a new user would see after signing in with an OpenID]

A Question Of Storage
The previous examples have all used PHP OpenID Library's file storage class for local storage of OpenID data. If this is not to your taste, you can also store OpenID data in a MySQL, PostgreSQL or SQLite database, by replacing the Auth_OpenID_FileStore object with Auth_OpenID_MySQLStore, Auth_OpenID_PostgreSQLStore or Auth_OpenID_SQLiteStore objects respectively. The following example illustrates, using a MySQL database for storage:

    <?php
    if (!isset($_POST['submit'])) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <!-- PHP_SELF is derived from the request URL, so escape it before output -->
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
          Sign in with your OpenID: <br/>
          <input type="text" name="id" size="30" />
          <br />
          <input type="submit" name="submit" value="Log In" />
        </form>
      </body>
    </html>
    <?php
    } else {
      // check for form input
      if (trim($_POST['id']) == '') {
        die("ERROR: Please enter a valid OpenID.");
      }

      // include files
      require_once "Auth/OpenID/Consumer.php";
      require_once "Auth/OpenID/MySQLStore.php";
      require_once 'DB.php';

      // start session (needed for YADIS)
      session_start();

      // create PEAR DB DSN for MySQL
      $dsn = 'mysql://user:pass@localhost/openid';
      $options = array(
        'debug' => 2,
        'portability' => DB_PORTABILITY_ALL,
      );

      // open connection
      $db =& DB::connect($dsn, $options);
      if (PEAR::isError($db)) {
        die($db->getMessage());
      }

      // create MySQL database storage area for OpenID data
      $store = new Auth_OpenID_MySQLStore($db);
      $store->createTables();

      // create OpenID consumer
      $consumer = new Auth_OpenID_Consumer($store);

      // begin sign-in process
      // create an authentication request to the OpenID provider
      $auth = $consumer->begin($_POST['id']);
      if (!$auth) {
        die("ERROR: Please enter a valid OpenID.");
      }

      // redirect to OpenID provider for authentication
      $url = $auth->redirectURL('http://consumer.example.com/', 'http://consumer.example.com/oid_return.php');
      header('Location: ' . $url);
    }
    ?>

To use a MySQL database for storage, initialize an Auth_OpenID_MySQLStore object and pass the object constructor a PEAR DB connection handle to the database. Calling the object's createTables() method takes care of initializing the necessary database tables, and the remainder of the script proceeds as before. When processing the data returned by the OpenID Provider in the return script oid_return.php, remember to again use Auth_OpenID_MySQLStore instead of Auth_OpenID_FileStore.

Incidentally, if you wish to use a custom database abstraction library instead of PEAR DB, you can do this by subclassing the Auth_OpenID_DatabaseConnection class and using it with your custom abstraction toolkit. Similarly, if you'd prefer to use a storage mechanism other than files or SQL databases, you can use the Auth_OpenID_OpenIDStore class as the basis for your custom store. For more information on this, look in the documentation for the JanRain PHP OpenID Library.

An Alternative Approach
An alternative OpenID Consumer implementation is that provided by the Authentication::OpenID_Consumer PEAR package, currently in proposal status. At the time of writing, this is alpha-quality code, but it's interesting to see it in action nevertheless (note that you might need to set PHP's error reporting level to ignore warnings and notices thrown by the package; this should be fixed in the final release). Consider the next listing, which is equivalent to the first example in this tutorial:

    <?php
    error_reporting(E_ERROR);
    if (!isset($_POST['submit'])) {
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <head>
        <title></title>
      </head>
      <body>
        <!-- PHP_SELF is derived from the request URL, so escape it before output -->
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
          Sign in with your OpenID: <br/>
          <input type="text" name="id" size="30" />
          <br />
          <input type="submit" name="submit" value="Log In" />
        </form>
      </body>
    </html>
    <?php
    } else {
      // check for form input
      if (trim($_POST['id']) == '') {
        die("ERROR: Please enter a valid OpenID.");
      }

      // include files
      require_once 'OpenID/Consumer.php';
      require_once 'OpenID/Store/File.php';

      // start session
      session_start();

      // create store
      $store = new OpenID_Store_File('./oid_store');

      // create consumer
      $consumer = new OpenID_Consumer($store);

      // begin sign-in process
      // create an authentication request to the OpenID provider
      $auth = $consumer->start($_POST['id']);
      if (!$auth) {
        die("ERROR: Please enter a valid OpenID.");
      }

      // redirect to OpenID provider for authentication
      // (arguments: return URL, then site identifier)
      $auth->redirect('http://consumer.example.com/oid_return.php', 'http://consumer.example.com/');
    }
    ?>

Apart from the differences in notation, this is remarkably similar to what you saw in previous examples: the script creates a file store, initializes a Consumer object with the store, and then calls the Consumer object's start() method with the user-supplied OpenID to begin the authentication process with the OpenID Provider. The resulting Authorisation object's redirect() method, which accepts both the return URL and the site identifier, then takes care of redirecting the user's browser to the OpenID Provider's Web site. Once the user completes authentication, the OpenID Provider returns control to the Consumer script oid_return.php:

    <?php
    error_reporting(E_ERROR);

    // include files
    require_once 'OpenID/Consumer.php';
    require_once 'OpenID/Store/File.php';

    // start session
    session_start();

    // create store
    $store = new OpenID_Store_File('./oid_store');

    // create consumer
    $consumer = new OpenID_Consumer($store);

    // set session variable depending on authentication result
    if (isset($_GET)) {
      $response = $consumer->finish($_GET);
      $result = $response->getResult();
      if ($result == 'success') {
        $_SESSION['OPENID_AUTH'] = true;
      } else {
        $_SESSION['OPENID_AUTH'] = false;
      }
    }

    // redirect to restricted application page
    header('Location: restricted.php');
    ?>

Here, the Consumer object's finish() method is used to complete the authentication process. The result of the finish() method is a Response object, representing the response sent by the OpenID Provider to the Consumer's authentication request. This object's getResult() method can be used to test the result of the authentication process, and take appropriate action depending on whether the result is successful or not.

Service With A Smile
Now that you've seen two different implementations of an OpenID Consumer, let's turn our attention to the Provider end of the connection. In most cases, however, you can get away without coding your own OpenID Provider, especially if your needs are simple. There are a number of open-source packages that allow you to set up and manage an OpenID server "out of the box"; here's a quick list:

    phpMyID
    SimpleID
    Clamshell

Finally, it should be noted that the JanRain PHP OpenID Library discussed earlier in this article also includes a full-fledged OpenID Provider implementation, which you can use to custom-code your own OpenID server. An example server is included in the package archive to get you started.

And that's about it for this article. Over the last few pages, I gave you a crash course in OpenID, explaining what it was and how it worked. I then coerced you into installing some PHP-based OpenID libraries, and showed you how you could use them to add OpenID support to your Web application. I also explained the Simple Registration extension to OpenID, showing you how it could be used to retrieve a user's profile from an OpenID Provider and inject that data into your Web application. Finally, I demonstrated an alternative, PEAR-based implementation for OpenID Consumers, and pointed you to some easy-to-install-and-use scripts for setting up your own OpenID server.

If you're interested in learning more about PHP and OpenID, also consider the following resources:

    An OpenID and PHP primer
    The OpenID developer site
    Plaxo's guide for OpenID-Enabling a Web site
    OpenID for Non-Superusers
    OpenID implementations for other programming languages

Have fun, and happy coding!

Copyright Melonfire, 2007. All rights reserved.

Comments

Wednesday, June 4, 2008
WHAT ABOUT THE ZEND FRAMEWORK OPENID IMPLEMENTATION?
2:46PM GMT · erangalp
Seems odd an article on OpenID here doesn't even mention it. You should check it out.

ZEND_OPENID
3:16PM GMT · Cal Evans (editor)
Hi erangalp! Not, it’s not really odd at all. DevZone accepts articles from PHP developers world wide, many of whom don’t work with Zend Framework. This article was not written from a Zend Framework perspective. (Although I would love to have an article about implementing OpenId in a Zend Framework project…wanna write it?) :)

But you are correct that Zend Framework does have an OpenId implementation, here is the link to it. Zend_OpenId
Thanks for the comment.
=C=

HOW SECURE IS IT?
2008 · 3:17PM GMT · Alihan ÇEtin [unregistered]
OpenID is great world wide application for websites.. But there is a question : How secure is it? I think it can't be used in very secure sites. There is always a chance to get the password. And a handicap : when you'll get the password, you'll own all accounts for the user in internet. And it's easy to know someone's openID because it's public.

ADOPTION RATE FOR OPENID
2008 · 12:56PM GMT · farrelley
The adoption rate for OpenId is very slow. When I first came out I thought it would be awesome but many sites are reluctant to move to an OpenID strategy. Don't get me wrong there are many popular sites that are using it! I just don't know if it's worth spending time to get it up and running. Right now OpenID doesn't carry that mentality that says "Oh yeah, I'll comment because I can use my OpenID." It's not stopping people from doing things yet. What's everyone else think?

ADOPTION AND SECURITY
2008 · 6:24AM GMT · vvaswani
Alihan: Thanks for the comment. IMO, I think security is something that would need to be enforced by your application, and you would probably also need to trust that the OpenID provider has the necessary security systems in place. Take your analogy a bit further: if we take Yahoo as an example, Yahoo usernames are equally public (every time you send an email from Yahoo, the recipient knows your Yahoo username). However in general (most) users trust Yahoo with their data and assume that Yahoo is holding their passwords securely. You would need to extend the same level of trust to whoever holds your OpenID.
farrelley: I take your point, but my own take on this is that OpenID is still fairly new and not many casual Web users even know that it exists. The big OpenID supporters probably also need to do a little more in terms of educating users about the benefits of OpenID (single user name being the key benefit). Keep the faith: adoption has been increasing gradually and will continue to do so until it reaches a tipping point.

WHICH LIBRARY DO THE EXAMPLES USE?
2009 · 5:30PM GMT · pkiula
Sorry, you mention JanRain and that experimental PEAR class. Which ones is this? Your examples have this line: require('Auth/...'); If it is JanRain's library, then I don't see their stuff "included" in the code before? Where is the "Auth" file located, isn't that a PEAR thing, and if so, is that NOT the JanRain library? Your entire tutorial in the beginning is based on this Auth thing. How to get it to work?

GETTING A ERROR "SERVER DENIED CHECK_AUTHENTICATION"
2009 · 7:08AM GMT · tatva13
i am using openid 2.0. i made simple application in php using code given by u. i include all openid libs. but when i try to login with my any openid, i get response "failure" with a message "Server denied check_authentication" in oid_return.php. thanks for help in advance.

$RESPONSE OBJECT IS VOID
2009 · 2:30PM GMT · bubastix0
Hey, great article! i was trying to implement it, but when i evaluate the line: if ($response->status == Auth_OpenID_SUCCESS) the object seems to be null, maybe its a change on some of the packages.. you think that i could validate the user using another method? Many Thanks!

OPENID
2009 · 11:19AM GMT · raghuirukulla
Though the concept of OpenID is good not many users know the full potential of this service. There are hundreds and thousands of services which accept openID for login and shorten the process of registration. http://www.ekoob.com/10-cool-sites-to-get-your-own-openid-4058/ this article has clearly mentioned the benefits and resources to get a openID. And thank you for this article.
