How does OpenID user validation work?


Question

Well, I'm trying to implement Steam OpenID login on a website, but I'm not quite sure how it's done and how Steam validates users who are logged in with OpenID.

As for now, what I have found out is that Steam only gives the user ID back and nothing else, so for the rest I would have to use the API to get other info about the user.

But I'm not quite sure how users get validated on the website once someone is logged in via OpenID.

Do I need to make a session, set a cookie, or store the user in a database once the user is logged in from OpenID?

try {
# Change 'localhost' to your domain name.
$openid = new LightOpenID('http://localhost/openid');
if(!$openid->mode) {
    if(isset($_GET['login'])) {
        $openid->identity = 'http://steamcommunity.com/openid';
        header('Location: ' . $openid->authUrl());
    }
echo '<li><a href="?login"><img border="0" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png" /></a></li>';
}

elseif($openid->mode == 'cancel') {
    echo 'User has canceled authentication!';
}

else {
    $_SESSION['loged']=1;

    header('Location: http://localhost/openid');

}

if(isset($_SESSION['loged'])) {

echo '<li><a href="?logout">Logout</a></li>';

}
if(isset($_GET['logout'])) {
    unset($_SESSION['loged']);
}

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

}

catch(ErrorException $e) {
echo $e->getMessage();
}

I'm using this code as an example.

I guess

if(!$openid->mode)

means if openid is not set? Then I should show the login button and go to the OpenID provider to log in if I press that button.

And next is: else, if the user doesn't log in, show the cancel message.

Or the next part is if the user is logged in. Since OpenID only returns the user ID, I need to deal with him somehow and keep him logged in on my website. For that part I should set some session or cookie, so I set a session and redirected the user back to the home page.

But there are things I don't understand.

Why is my login button shown all the time?

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

Why is it not working? It always shows that the user is not logged in.

Recommended answer

This is the code that I've used to authenticate via Steam's OpenID

<?php
require 'includes/lightopenid/openid.php';
$_STEAMAPI = "YOURSTEAMAPIKEY";

// CHECK IF COOKIE EXISTS WITH PROFILE ID. IF NOT, LOG THE USER IN

try 
{
    $openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/');
    if(!$openid->mode) 
    {
        if(isset($_GET['login'])) 
        {
            $openid->identity = 'http://steamcommunity.com/openid/?l=english';    // This is forcing english because it has a weird habit of selecting a random language otherwise
            header('Location: ' . $openid->authUrl());
            exit;    // stop here so nothing else is sent after the redirect
        }
?>
<form action="?login" method="post">
    <input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png">
</form>
<?php
    } 
    elseif($openid->mode == 'cancel') 
    {
        echo 'User has canceled authentication!';
    } 
    else 
    {
        if($openid->validate()) 
        {
                $id = $openid->identity;
                // identity is something like: http://steamcommunity.com/openid/id/76561197960435530
                // we only care about the unique account ID at the end of the URL.
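                // Accept http and https so the match does not fail when the identity URL uses https.
                $ptn = "/^https?:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
                if (!preg_match($ptn, $id, $matches)) {
                    // Identity is not in the expected Steam form: do not treat the user as logged in.
                    die("Unexpected identity URL.\n");
                }
                echo "User is logged in (steamID: $matches[1])\n";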
                // HERE YOU CAN SET A COOKIE, SAVE TO A DATABASE, CREATE A SESSION, ETC.

                // This is an example of what you can do once you have the profile id
                // Use https so the API key is not sent in clear text.
                $url = "https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=$_STEAMAPI&steamids=$matches[1]";
                $json_object= file_get_contents($url);
                $json_decoded = json_decode($json_object);

                foreach ($json_decoded->response->players as $player)
                {
                    // Profile fields such as personaname are user-controlled: escape them before output.
                    $p = array_map(function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); }, (array) $player);
                    echo "
                    <br/>Player ID: {$p['steamid']}
                    <br/>Player Name: {$p['personaname']}
                    <br/>Profile URL: {$p['profileurl']}
                    <br/>SmallAvatar: <img src='{$p['avatar']}'/> 
                    <br/>MediumAvatar: <img src='{$p['avatarmedium']}'/> 
                    <br/>LargeAvatar: <img src='{$p['avatarfull']}'/> 
                    ";
                }

        } 
        else 
        {
                echo "User is not logged in.\n";
        }
    }
} 
catch(ErrorException $e) 
{
    echo $e->getMessage();
}
?>

This will present the user with a Steam Login ID button, which when it is clicked will redirect the user to the Steam Community login page. After they log in, the user is sent back to your domain. This is what is set in the LightOpenID constructor. If the user has been validated, it will pull the unique player ID from the returned value. That returned value looks like http://steamcommunity.com/openid/id/76561194350435530, and you need just the 76561194350435530 part. Using this, you can query any of the Valve APIs that take a Profile ID.

Setting cookies and sessions can be accomplished at the end of the login process.
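
How the pieces above fit together once validate() succeeds, as an added example that is not part of the original question or answer: validation runs only on the return request from Steam, and every later request relies on the server-side session. It assumes the LightOpenID include path and the localhost URL used on this page; the helper steam_id_from_identity() and the 'steamid' session key are hypothetical names.

```php
<?php
// Added example: turn a validated Steam OpenID identity into a session.
require 'includes/lightopenid/openid.php';

session_start();   // must run before any output and before $_SESSION is used

// Hypothetical helper: return the numeric Steam ID from the claimed identity,
// or null if the URL is not in the form shown in the answer above.
function steam_id_from_identity($identity)
{
    $ptn = '#^https?://steamcommunity\.com/openid/id/(7[0-9]{15,25})$#';
    return preg_match($ptn, (string) $identity, $m) ? $m[1] : null;
}

$home   = 'http://localhost/openid';        // change to your domain
$openid = new LightOpenID($home);

if (isset($_GET['logout'])) {
    $_SESSION = array();                    // drop the login state
    session_destroy();
    header('Location: ' . $home);
    exit;
}

if (!isset($_SESSION['steamid'])) {
    if (!$openid->mode && isset($_GET['login'])) {
        // Step 1: send the browser to Steam.
        $openid->identity = 'http://steamcommunity.com/openid';
        header('Location: ' . $openid->authUrl());
        exit;
    }
    // Step 2: only the return request from Steam carries openid.* parameters,
    // so validate() is meaningful here and nowhere else.
    if ($openid->mode && $openid->mode != 'cancel' && $openid->validate()) {
        $steamid = steam_id_from_identity($openid->identity);
        if ($steamid !== null) {
            session_regenerate_id(true);    // fresh session ID on login
            $_SESSION['steamid'] = $steamid;
            header('Location: ' . $home);   // strip openid.* from the URL
            exit;
        }
    }
}

// Step 3: every later request trusts the session, not validate().
if (isset($_SESSION['steamid'])) {
    echo 'Logged in as ' . htmlspecialchars($_SESSION['steamid'], ENT_QUOTES, 'UTF-8')
       . ' <a href="?logout">Logout</a>';
} else {
    echo '<a href="?login">Sign in through Steam</a>';
}
```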
