Implementing OpenID with PHP

Question

I'm interested in implementing OpenID and I've been reading about it, but there's still a few aspects I'm a bit confused about.

I've seen multiple flow charts of the interaction and step-by-step details, such as this one, but they all skip details about what happens upon a successful login. Everything I've read says something along the lines of "upon successful login, the user is redirected back to the site." Well, how does my site know that the login was successful? Are cookies set, do I get a POST back, something else?

For example, here are the details from the link I included

9. User POSTs response to OpenID Server.
10. User is redirected to either the success URL or the failure URL returned in (5) depending on the User response

//this is the step that it says tells me I've had a success/failure upon login
5. Consumer inspects the HTML document header for <link/> tags with the attribute rel set to openid.server and, optionally, openid.delegate. The Consumer uses the values in these tags to construct a URL with mode checkid_setup for the Identity Server and redirects the User Agent. This checkid_setup URL encodes, among other things, a URL to return to in case of success and one to return to in the case of failure or cancellation of the request

I'm not quite sure how to interpret that. What specifically is telling me that the login was successful? From what I gather, it seems as if something in the header is set, but how do I access it? Assuming I find out the login was successful, does that mean I can then go ahead and proceed to set cookies/sessions pertaining to my site?

edit- I found LightOpenID and it appears to suit my needs, but I'm still a bit unsure of something

I tested it out on localhost and got the Google login to work. Upon logging in I receive a URL like

User https://www.google.com/accounts/o8/id?id=sdlkfjlkwliej9392010fjos has logged in.

Inspecting the code, it's generated by the following

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

I'm assuming this means I simply check $openid->validate() for the login? Will $openid->identity be the same every time for the given Google account? I'm assuming yes, otherwise there'd be no way to track the user each time. If the user has logged in I can then set cookies, sessions, and whatever other fun stuff I deem necessary, right?

Recommended answer

Here's some code I use:

require '../../php/lightopenid-lightopenid/openid.php';

// Only runs when the browser presents a claimed_id cookie.
if( isset( $_COOKIE[ 'claimed_id' ] ))
{
    $claimed_id = $_COOKIE[ 'claimed_id' ];
    try
    {
        if(!isset($_GET['openid_mode']))
        {
            // No OpenID response in the request yet: redirect to the provider.
            $openid = new LightOpenID;
            $openid->identity = 'https://www.google.com/accounts/o8/id';
            header('Location: ' . $openid->authUrl());
            exit; // stop here so the rest of the page does not run during the redirect
        }
        elseif($_GET['openid_mode'] == 'cancel')
        {
            // user cancelled at the provider: drop the cookie
            unset( $claimed_id );
            setcookie( "claimed_id", 0, time() - 3600, "/" );
        }
        else
        {
            $openid = new LightOpenID;

            if( $openid->validate() )
            {
                // different login
                if ( $_REQUEST[ 'openid_claimed_id' ] != $claimed_id )
                {
                    unset( $claimed_id );
                    setcookie( "claimed_id", 0, time() - 3600, "/" );
                }
            }
            else
            {
                // can't validate
                unset( $claimed_id );
                setcookie( "claimed_id", 0, time() - 3600, "/" );
            }
        }
    }
    catch(ErrorException $e)
    {
        echo "Authentication error.";
        error_log( $e->getMessage() );
        exit;
    }
}

// fall through to rest of code...
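
An added example (not part of the original question or answer, and not LightOpenID's own code) of a return handler that treats a true result from $openid->validate() as the only success signal and then keeps the verified $openid->identity in the server-side session instead of a client-writable cookie. The library path, the session key openid_identity and the landing URL / are assumptions.

```php
<?php
// Added example: login handler that stores the verified identity in the session.
require 'openid.php'; // LightOpenID; the path is an assumption

session_start();

try {
    // Constructed as on this page; newer LightOpenID releases expect the
    // site's host name as a constructor argument.
    $openid = new LightOpenID;

    if (!isset($_GET['openid_mode'])) {
        // No OpenID response in the request: start the login at the provider.
        $openid->identity = 'https://www.google.com/accounts/o8/id';
        header('Location: ' . $openid->authUrl());
        exit;
    }

    if ($_GET['openid_mode'] === 'cancel') {
        // The user declined at the provider: make sure nothing stays logged in.
        unset($_SESSION['openid_identity']);
        echo 'Login cancelled.';
        exit;
    }

    if ($openid->validate()) {
        // The provider confirmed the assertion. Issue a fresh session ID so a
        // pre-login session ID cannot be reused, then record who logged in.
        session_regenerate_id(true);
        $_SESSION['openid_identity'] = $openid->identity;
        header('Location: /'); // hypothetical landing page
        exit;
    }

    // Parameters were present but did not verify: treat as not logged in.
    unset($_SESSION['openid_identity']);
    http_response_code(403);
    echo 'Login failed.';
} catch (ErrorException $e) {
    // Discovery or network failure while talking to the provider.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Authentication error.';
}
```

Other pages then check isset($_SESSION['openid_identity']) after session_start() and never read the identity from request parameters or cookies.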
