I've been toying with the JanRain OpenID PHP Library, mostly following along with a tutorial I found on ZendZone.

How does one distinguish between users - especially Google users, who all end up using the same OpenID URL, https://www.google.com/accounts/o8/id ?

Basically, I'm at the point where I can detect that they have an OpenID account... that they've successfully authenticated... but my app still doesn't know who they are; only that they authenticated.

To distinguish users, the tutorial uses a "Simple Registration request" to request the user's email from the OpenID provider, and then uses the email address to see if this is a returning user.

It wasn't working for me, and apparently won't work with some providers so I was excited when I stumbled upon a function getDisplayIdentifier.

```php
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
// create file storage area for OpenID data
$store = new Auth_OpenID_FileStore('/wtv');
$consumer = new Auth_OpenID_Consumer($store);
$oid_response = $consumer->complete("http://example.com/oir_return");
if ($oid_response->status == Auth_OpenID_SUCCESS) {
    // I assumed this would be a relatively permanent way to identify the user...
    // I was wrong.
    $hopefullyUniqueUserID = $oid_response->getDisplayIdentifier();
}
```

Unfortunately, after a couple of hours the value returned by getDisplayIdentifier changes.

Addendum

Apparently I was taking crazy pills; getDisplayIdentifier has not been changing since I posted this question. I have nonetheless been using identity_url instead, as per the answer below.

Addendum

I was not taking crazy pills! See my answer below...

+1  A: 

Why not simply use the OpenID URL to identify users? Consider it unique like an email address.

Echo
I thought that's how it worked too, but he says he's seeing all Google users from the same OpenID URL.
Rup
As did I, but Google accounts always have `https://www.google.com/accounts/o8/id` as their URL.
LeguRi
ah, missed that part.
Echo
stackoverflow somehow gets a `?id=....` at the end of the url. Not sure how though. Maybe the full url with the `?id=..` is given to you by google?? Does `$oid_response` have a url attribute?
Echo
Oops, hadn't seen your last comment before I posted. Yes, I think it's the OpenID 'claimed_id' that you want, which appears to include the ?id=, which I think is `$oid_response->identity_url`.
Rup
+3  A: 

Skimming the code, I think it's $oid_response->identity_url that you want. For me (albeit in DotNetOpenAuth not php-openid) that comes back as

https://www.google.com/accounts/o8/id?id=AItOawmqjknrgk6f9cNdPIVxW43GewJPa1ZW4GE

from Google, where the ID part is reproducible and hopefully unique to me. However I haven't left it a few hours to see if this changes, so apologies if this is what you already had from getDisplayIdentifier - but skimming the source it looks like it'd just use the first part, but then I'm no PHP expert.

Rup
That's identical to what `$oid_response->getDisplayIdentifier()` gave me... and I did leave it a few hours and it changed :'( Nonetheless, I'll try it.
LeguRi
Ah, OK - sorry.
Rup
+1 - checked after a few hours; doesn't seem to be changing...
LeguRi
I'm awarding this answer the bounty, but waiting to accept it; I don't know why `getDisplayIdentifier()` (and `identity_url`) changed on me before as it seems to not be happening anymore.
LeguRi
Cheers. Sorry, I don't have a good answer for that. For OpenID 2 I'm confident these are the correct values to use ( http://openid.net/specs/openid-authentication-2_0.html#positive_assertions http://openid.net/specs/openid-authentication-2_0.html#identifying ) and that it's called something similar in 1 ( http://openid.net/specs/openid-authentication-1_1.html#rfc.section.4.2.2.3 ). Skimming the JanRain code I had thought there was a separate 'display url' return as well, which is where I'd thought the confusion was coming from, but that's not actually in the spec after all.
Rup
Sorry Rup, but I figured out the problem, so I've unaccepted this one and accepted my own answer.
LeguRi
No problem - I didn't know that about Google OpenIDs, happy to learn something!
Rup
+1  A: 

The problem was that Google's OpenIDs are unique per-domain; I had been absent-mindedly alternating between http://www.mysite.com and http://mysite.com, which caused the OpenID identity url to change!

LeguRi
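
The fix described in the last answer, as an added example (not code from the original posts or from the JanRain library): force every request onto one host so the realm and return_to sent to the provider never vary, then key local accounts on the full `identity_url`. `CANONICAL_ORIGIN`, `canonical_redirect` and `find_or_create_user` are hypothetical names, the host is the poster's placeholder, and the in-memory `$users` array stands in for a user table.

```php
<?php
// Added example. The origin below and all helper names are hypothetical.
const CANONICAL_ORIGIN = 'http://www.mysite.com';          // the one host the site answers on
const OPENID_REALM     = CANONICAL_ORIGIN . '/';           // realm (trust root) sent to the provider
const OPENID_RETURN_TO = CANONICAL_ORIGIN . '/oir_return'; // return_to must sit under the realm

// Returns the URL to 301 to when a request arrives on any other host
// (e.g. the bare domain), or null when it is already on the canonical host.
function canonical_redirect(string $hostHeader, string $requestUri): ?string
{
    $host = strtolower(preg_replace('/:\d+$/', '', $hostHeader)); // drop an optional port
    if ($host === parse_url(CANONICAL_ORIGIN, PHP_URL_HOST)) {
        return null;
    }
    // Build the target from the constant, never from the Host header.
    return CANONICAL_ORIGIN . '/' . ltrim($requestUri, '/');
}

// Maps the full claimed identifier (identity_url, including ?id=...) to a
// local user id. The identifier is compared as an opaque, exact string.
function find_or_create_user(array &$users, string $identityUrl): int
{
    if (!isset($users[$identityUrl])) {
        $users[$identityUrl] = count($users) + 1;
    }
    return $users[$identityUrl];
}

// Where these fit around the php-openid calls used in the question:
//   if ($to = canonical_redirect($_SERVER['HTTP_HOST'], $_SERVER['REQUEST_URI'])) {
//       header('Location: ' . $to, true, 301); exit;
//   }
//   ... $consumer->begin(...) with OPENID_REALM and OPENID_RETURN_TO ...
//   $oid_response = $consumer->complete(OPENID_RETURN_TO);
//   $userId = find_or_create_user($users, $oid_response->identity_url);

// Constructed demonstration (no network, no provider involved).
$users = [];
$claimed = 'https://www.google.com/accounts/o8/id?id=CONSTRUCTED-EXAMPLE-ID';
var_dump(canonical_redirect('mysite.com', '/login'));
var_dump(canonical_redirect('www.mysite.com:80', '/login'));
var_dump(find_or_create_user($users, $claimed) === find_or_create_user($users, $claimed));
```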