I'm getting confused.

I was able to make openid login kinda work using LightOpenID.

All I get doing that is just an openid_identity such as "https://www.google.com/accounts/o8/id?id=xxx". Pretty disappointing: I was expecting to get the email address too.

i.e. I need to login (that's what openid does) and to know the email address of the google account the user used to login.

There is the function $openid->getAttributes() but all I get from that is just an empty array: I guess google isn't going to give me anything else than that openid_identity.

So I guess I'm supposed to use OAuth, right? I'm clueless about that. I've only found horrible and confused documentation, that either pretends to explain everything (and I do mean everything), or it fails to explain anything at all.

Yes, of course I've tried to look at the previous posts about that, just as I did search on google. Read again the above paragraph, please.

+1  A: 

Having a Google account doesn't mean you get a gmail account. You can start a Google account with any email address.

Having said that, I don't think it's part of the spec to return email addresses or login data as part of the identity.

BC
good point. I'd like to get *that* email address, doesn't matter if it's not gmail.
Lo'oris
+1  A: 

OAuth and OpenID are not the same. They solve completely different things. I'm going under the assumption you checked out "Federated Login for Google Account Users"; it has a bit more explanation on how the accounts work for Google Accounts.

Solutions:

  1. This is in Python but you should be able to adjust it accordingly for PHP.
  2. This is in .Net - again you should be able to change the AX mode yourself.
John Wang
+5  A: 

You can use OpenID's attribute exchange. See the Google documentation here (in particular, openid.ax.type.email).

Artefacto
great! While I wasn't able to understand how to "map" those attributes such as `openid.ax.type.email` to LightOpenID's different ones (`contact/email`), knowing that it *could* be done I looked deeper into LightOpenID's documentation and I managed to do it :) thanks
Lo'oris
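The mapping asked about above, as an added example that is not part of the thread and not LightOpenID's own code: a LightOpenID short name such as `contact/email` is the path under `http://axschema.org/`, and it travels as `openid.ax.type.<alias>`. The second function keeps only response attributes whose fields are listed in `openid.signed`; it assumes the signature itself has already been checked (the job of `validate()`). Function names and the sample response are constructed.

```php
<?php
// Constructed names and sample data; this is not LightOpenID's own code.
const AX_NS   = 'http://openid.net/srv/ax/1.0';
const AX_BASE = 'http://axschema.org/';

// Turn short names such as 'contact/email' into openid.ax.* request parameters.
function axRequestParams(array $required): array {
    $params = ['openid.ns.ax' => AX_NS, 'openid.ax.mode' => 'fetch_request'];
    foreach ($required as $name) {
        $params['openid.ax.type.' . str_replace('/', '_', $name)] = AX_BASE . $name;
    }
    $params['openid.ax.required'] = implode(',', str_replace('/', '_', $required));
    return $params;
}

// Map an AX response back to short names, keeping only fields named in openid.signed.
function axSignedAttributes(array $resp): array {
    $ext = array_search(AX_NS, $resp, true);   // key such as 'openid.ns.ext1'
    if ($ext === false || strpos($ext, 'openid.ns.') !== 0) {
        return [];
    }
    $ext    = substr($ext, strlen('openid.ns.'));   // alias the provider chose
    $signed = explode(',', $resp['openid.signed'] ?? '');
    $prefix = "openid.$ext.type.";
    $out    = [];
    foreach ($resp as $key => $typeUri) {
        if (strpos($key, $prefix) !== 0 || strpos($typeUri, AX_BASE) !== 0) {
            continue;
        }
        $alias = substr($key, strlen($prefix));
        $value = $resp["openid.$ext.value.$alias"] ?? null;
        if ($value !== null && in_array("$ext.type.$alias", $signed, true)
            && in_array("$ext.value.$alias", $signed, true)) {
            $out[substr($typeUri, strlen(AX_BASE))] = $value;
        }
    }
    return $out;
}
// Constructed response: the 'lang' fields are deliberately absent from openid.signed.
$sample = [
    'openid.ns.ext1' => AX_NS, 'openid.ext1.mode' => 'fetch_response',
    'openid.ext1.type.email'  => AX_BASE . 'contact/email',
    'openid.ext1.value.email' => 'user@example.com',
    'openid.ext1.type.lang'   => AX_BASE . 'pref/language',
    'openid.ext1.value.lang'  => 'en',
    'openid.signed' => 'ns.ext1,ext1.mode,ext1.type.email,ext1.value.email',
];
print_r(axRequestParams(['contact/email', 'pref/language']));
print_r(axSignedAttributes($sample));
```

The sample uses dotted protocol keys; inside a PHP request handler the same fields arrive in `$_GET` with the dots replaced by underscores, as in `$_GET['openid_mode']`.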
+2  A: 

I've just discovered LightOpenID and I think it's wonderful. I've managed to get the email address, the first and last name and the preferred language using the following modification of example-gmail.php:

```php
<?php

require_once('openid.php');

if (empty($_GET['openid_mode']))
{
    if (isset($_GET['login']))
    {
        $openid = new LightOpenID();
        $openid->identity = 'https://www.google.com/accounts/o8/id';
        // Attributes to request via attribute exchange
        $openid->required = array('namePerson/first', 'namePerson/last', 'contact/email', 'pref/language');

        header('Location: ' . $openid->authUrl());
        //header('Location: ' . str_replace('&amp;', '&', $openid->authUrl()));
        exit; // stop the script once the redirect header has been sent
    }

    else
    {
        echo '<form action="?login" method="post">' . "\n";
        echo '<button>Login with Google</button>' . "\n";
        echo '</form>' . "\n";
    }
}

else if ($_GET['openid_mode'] == 'cancel')
{
    echo 'User has canceled authentication!';
}

else
{
    $openid = new LightOpenID();
    $valid = $openid->validate();

    // Escape request-supplied values before writing them into the page
    echo 'User ' . ($valid ? htmlspecialchars($_GET['openid_identity']) . ' has ' : 'has not ') . 'logged in.';

    // Only show attributes from a response that passed validation
    if ($valid)
    {
        echo '<pre>';
        echo htmlspecialchars(print_r($openid->getAttributes(), true));
        echo '</pre>';
    }
}

?>
```

I changed the code to make it a little more readable, the output:

```
User https://www.google.com/accounts/o8/id?id=*** has logged in.

Array
(
    [namePerson/first] => Alix
    [contact/email] => ***@gmail.com
    [pref/language] => en
    [namePerson/last] => Axel
)
```

I still can't get the postal code and others from Google but I've had success with myOpenID.com.

Alix Axel
Thanks, but my question is: where is the list of `required` attributes I may ask? I could only find the list of `openix.ax.wtf`, but I have no idea about how to use them in LightOpenID... :/
Lo'oris
Oh, here it is --> http://www.axschema.org/types/ ... still, is there a way to ask google which of these fields is going to export? Or just try them all and some will work while some won't?
Lo'oris
Does LightOpenID store the request you made in the `if (isset($_GET['login']))`? It doesn't appear to, yet it should (for performance reasons). In case of Google, it's indifferent, but it may not be if the user-supplied identifier (USI) is the claimed identifier (CI). Let's say you enter myusername.myopenid.com. In the discovery phase for that url, you find out the endpoint url that responds authoritatively for that identifier. If you don't save that information, in the second phase you'll have to check again if the endpoint has authority over the CI.
Artefacto
@Lo'oris: I'm also still pretty green at this. =P I tried them all, but then I found this: http://code.google.com/apis/accounts/docs/OpenID.html#Parameters. Google delivers `country`, `email`, `firstname`, `language` and `lastname`.
Alix Axel
@Artefacto: No it doesn't. And that's one of the reasons I'm enjoying LightOpenID so much. Ideally you should call the `validate()` method and if it returns true save `$_GET['openid_identity']` in the `$_SESSION` and never worry about it again. That's what I'm getting from this, still I might be wrong or may not have understood what you're trying to ask (I'm really sleepy right now).
Alix Axel
@Alix It's not wrong, but for user-supplied identifiers that don't result in "identifier_select" behavior, this causes an extra discovery.
Artefacto
@Artefacto: I'm sorry but I'm having trouble understanding what you're saying. Do you mean the usage of `https://www.google.com/accounts/o8/id`? That's specific for the `example-gmail.php` file only. The general example goes something like `$openid->identity = $_POST['openid_identifier'];`.
Alix Axel
@Artefacto: There seems to be another question regarding `identifier_select` @ http://stackoverflow.com/questions/3015765/is-google-the-only-openid-provider-that-requires-identifier-select/3048335#3048335. I'm failing to understand what this is and what it does.
Alix Axel
`https://www.google.com/accounts/o8/id` causes user_select behaviour; the user will claim an identifier different from `https://www.google.com/accounts/o8/id`. So that's not really the case. And the general example doesn't change anything. It's really difficult to explain this in this short space. See the [docs](http://openid.net/specs/openid-authentication-2_0.html#verify_disco), 11.2 §3
Artefacto
@Artefacto: I still don't fully understand it. I'll have to take a look at this tomorrow, I'm way too tired today.
Alix Axel
@Alix Well, it's subtle, you have to fully grasp the OpenID workflow.
Artefacto