Implementing OpenID with PHP

Time: 2013-02-07 13:50:57

Tags: php openid

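I'm interested in implementing OpenID and I've been reading about it, but there are still a few aspects I'm a bit confused about.

I've seen multiple flow charts of the interaction and step-by-step details, such as this one, but they all skip the details of what happens after a successful login. Everything I've read says "after a successful login, the user is redirected back to the site". So, how does my site know that the login was successful? Is a cookie set, or do I receive a reply message?

For example, here are the details from the link I included: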
9. User POSTs response to OpenID Server.
10. User is redirected to either the success URL or the failure URL returned in (5) depending on the User response

//this is the step that it says tells me I've had a success/failure upon login
5. Consumer inspects the HTML document header for <link/> tags with the attribute rel set to openid.server and, optionally, openid.delegate. The Consumer uses the values in these tags to construct a URL with mode checkid_setup for the Identity Server and redirects the User Agent. This checkid_setup URL encodes, among other things, a URL to return to in case of success and one to return to in the case of failure or cancellation of the request

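I'm not quite sure how to interpret it. What exactly tells me that the login was successful? From what I've gathered, it seems that something is set in the header, but how do I access it? Assuming I find out that the login succeeded, does that mean I can go ahead and set the cookies/sessions that relate to my site?

Edit - I found LightOpenID, which seems to fit my needs, but I'm still a bit unsure.

I tested it on localhost and got the Google login working. After logging in, I get a URL like: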
User https://www.google.com/accounts/o8/id?id=sdlkfjlkwliej9392010fjos has logged in.

Looking at the code, it is generated by the following:
echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

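I assume this means I only need to check $openid->validate() for a login? Is $openid->identity the same every time for a given Google account? I assume so, otherwise there would be no way to track the user each time. If the user is logged in, I can set cookies, sessions, and whatever other fun stuff I deem necessary, right?

1 Answer:

Answer 0: (score: 1)

Here is some code I use: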

require '../../php/lightopenid-lightopenid/openid.php';

// Only re-check with the provider when the browser presents a claimed_id cookie.
if( isset( $_COOKIE[ 'claimed_id' ] ))
{
    $claimed_id = $_COOKIE[ 'claimed_id' ];
    try
    {
        if(!isset($_GET['openid_mode']))
        {
            // Not a return from the provider yet: send the user there.
            $openid = new LightOpenID;
            $openid->identity = 'https://www.google.com/accounts/o8/id';
            header('Location: ' . $openid->authUrl());
            exit; // stop here so the rest of the page does not run during the redirect
        }
        elseif($_GET['openid_mode'] == 'cancel')
        {
            // user cancelled at the provider: forget the cookie
            unset( $claimed_id );
            setcookie( "claimed_id", 0, time() - 3600, "/" );
        }
        else
        {
            $openid = new LightOpenID;

            if( $openid->validate() )
            {
                // different login
                if ( $_REQUEST[ 'openid_claimed_id' ] != $claimed_id )
                {
                    unset( $claimed_id );
                    setcookie( "claimed_id", 0, time() - 3600, "/" );
                }
            }
            else
            {
                // can't validate
                unset( $claimed_id );
                setcookie( "claimed_id", 0, time() - 3600, "/" );
            }
        }
    }
    catch(ErrorException $e)
    {
        echo "Authentication error.";
        error_log( $e->getMessage() );
        exit;
    }
}

// fall through to rest of code...
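
What the provider's redirect back actually carries, as an added example that is not part of the original question or answer: a successful login arrives as `openid.*` query parameters on the return URL, which PHP exposes with underscores (`openid.mode` becomes `openid_mode`). The function name, URLs and values are constructed, and the exact-match `return_to` comparison is an assumption; passing these checks only means the response is worth handing to `$openid->validate()`, which does the actual signature verification.

```php
<?php
// Added example, not from the original post. All URLs and values are constructed.
// Fields that OpenID 2.0 requires the provider's signature to cover.
const REQUIRED_SIGNED = ['op_endpoint', 'return_to', 'response_nonce', 'assoc_handle'];
// Structural checks on the return parameters. Empty result = "worth verifying", not "verified".
// Assumption: return_to is compared by exact match against this site's login URL.
function openidReturnProblems(array $p, string $expectedReturnTo): array
{
    $mode = $p['openid_mode'] ?? null;   // PHP exposes "openid.mode" as "openid_mode"
    if ($mode === 'cancel') {
        return ['user cancelled at the provider'];
    }
    if ($mode !== 'id_res') {
        return ['not a positive assertion (openid.mode is not id_res)'];
    }
    $problems = [];
    $signed = explode(',', $p['openid_signed'] ?? '');
    $mustSign = REQUIRED_SIGNED;
    foreach (['claimed_id', 'identity'] as $f) {   // must be signed when present
        if (isset($p["openid_$f"])) {
            $mustSign[] = $f;
        }
    }
    foreach ($mustSign as $f) {
        if (!isset($p["openid_$f"])) {
            $problems[] = "missing openid.$f";
        } elseif (!in_array($f, $signed, true)) {
            $problems[] = "openid.$f is not covered by openid.signed";
        }
    }
    if (empty($p['openid_sig'])) {
        $problems[] = 'missing openid.sig';
    }
    if (($p['openid_return_to'] ?? '') !== $expectedReturnTo) {
        $problems[] = 'openid.return_to does not match this site';
    }
    return $problems;
}

// Constructed return request, as the browser would bring it back after a login.
$query = 'openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fop.example%2Fendpoint'
    . '&openid.claimed_id=https%3A%2F%2Fop.example%2Fid%3Fid%3Dabc123'
    . '&openid.return_to=https%3A%2F%2Frp.example%2Flogin.php'
    . '&openid.response_nonce=2013-02-07T13%3A50%3A57Zx1&openid.assoc_handle=h1'
    . '&openid.signed=op_endpoint,claimed_id,return_to,response_nonce,assoc_handle'
    . '&openid.sig=c2FtcGxl';
parse_str($query, $params);              // applies the same key mangling as $_GET
var_dump(openidReturnProblems($params, 'https://rp.example/login.php'));
```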