views:

43

answers:

3

Hello
I have downloaded LightOpenID (http://gitorious.org/lightopenid) few hours ago but still can't figure out how to make it work.
I got this google example saved in test.php file

<?php
require '../lib/init.php';
require '../lib/openID/openid.php';

try {
    if(!isset($_GET['openid_mode'])) {
        if(isset($_GET['login'])) {
            $openid = new LightOpenID;
            $openid->identity = 'https://www.google.com/accounts/o8/id';
            header('Location: ' . $openid->authUrl());
        }
?>
<form action="?login" method="post">
    <button>Login with Google</button>
</form>
<?php
    } elseif($_GET['openid_mode'] == 'cancel') {
        echo 'User has canceled authentication!';
    } else {
        $openid = new LightOpenID;
        echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
    }
} catch(ErrorException $e) {
    echo $e->getMessage();
}
echo '<pre>'.print_r($openid,true).'</pre>';
?>

Where init.php is init file for my page (constants, classes, functions, db connection etc.).
After running this code I got button with label "Login with Google" and after pressing it

echo '<pre>'.print_r($openid,true).'</pre>';

give some info about the $openid object

LightOpenID Object ( [returnUrl] => http://kur.com/openid.php [required] => Array ( )

[optional] => Array
    (
    )

[identity:LightOpenID:private] => https://www.google.com/accounts/o8/id
[claimed_id:LightOpenID:private] => https://www.google.com/accounts/o8/id
[server:protected] => https://www.google.com/accounts/o8/ud
[version:protected] => 2
[trustRoot:protected] => http://kur.com
[aliases:protected] => 
[identifier_select:protected] => 1
[ax:protected] => 1
[sreg:protected] => 
[data:protected] => Array
    (
        [login] => 
    )

)

...nothing special... and thats it...
I spend lot of the time searching for tutorials in google, but can't find even one. Can you please help me.
How to log in the user ?
From where I must get logged user info (as username, mail) ?
I have never been using open ID and I'm confused....
Thanks in advance

A: 

You stupid, are using virtual-host so Google can't reach you...

T1000
A: 

You need to run it on a server with port 80 opened to the outside web, if you run it on 127.0.0.1 Google cant access you and return info

Colum
Actually, it works just fine from localhost, or any other host behind NAT. There is no requirement for the OP to be able to reach the RP (at least if it isn't trying to discover it, but that isn't required).
Mewp
+1  A: 

How to log in the user?

In your example, there is a line showing how to complete the authentication:

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

If $openid->validate() returns true, it means that the user that claims to be $openid->identity is authenticated.

If you'd compare it to standard authentication:

Standard auth:

  • The User inputs login and password
  • The Server checks whether there is such a pair of login and password.
  • If there is, the user is authenticated (with the login he provided), so we set a cookie to remember him(or whatever else you want to do on a successful login).

OpenID auth(with LightOpenID):

  • The User inputs an openid identity
  • The Server uses LightOpenID to authenticate it, then calls $openid->validate()
  • If validate() returns true, the user is authenticated (with $openid->identity), so we set a cookie to remember him(or whatever else you want to do on a successful login).

Basically, once you confirm that the user is the one who he claims he is (i.e. he has authenticated), you proceed as if it was a normal auth.

Usually, you have to store the identity somewhere, along with a session id.

From where I must get logged user info (as username, mail) ?

The username is in $openid->identity. However, you might want to use a nickname as a displayed name. Getting a nickname and an email address however, requires additional configuration. Basically, before calling $openid->authUrl(), you'd have to add:

$openid->required = array('namePerson/friendly', 'contact/email');

That line would cause LightOpenID to requests these parameters. You can see a list of other parameters (which may or may not be supported by OPs) at axschema.org. Then, to get the values of those, after calling validate(), call $openid->getAttributes(). It will return all avaiable paramerers, for example:

array(
    [namePerson/friendly] => Mewp
    [contact/email] => [email protected]
)

However, be aware of the fact, that this list can contain other parameters and may not contain the ones you requested. Basically, the OP is free to return whatever it wants to, so you need to be prepared for the lack of some values.

Mewp