Quick start with openID
Good afternoon friends.
Today I want to share my experience in implementing authorization on openID on my My Books book site. The article is designed for beginners, so it is unlikely to interest those who already know all the nuances of this technology. Its main goal is to answer the question: “yes, this is convenient, but how can I do this in my project? !!”
')
Fast start
I didn’t want to poke around in large libraries, so the simple Simple OpenID PHP Class was taken as a basis.
To begin with, we need only two scripts from here: class.openid.php and openid-example.php. The first is the class itself for working with openID, the second is a sample of its use, which can be further developed to suit your goals. It's nice that much has been commented. In theory, if the server settings are correct, the test script should work in 5 minutes. From which 4 minutes left, oddly enough, to find out what the openID-identifier is.
OpenID list
OpenID is a great technology. But tell me - who thought up that in the role of his openID the user should indicate something like
Thirdly, for some reason, these addresses do not appear on the pages of openID-providers. Yes, everybody declares their support, but try, say, to find this URL on the page
Convenience or arbitrary openID authorization
From the above, this implies: give the user the opportunity to enter an arbitrary openID URL, or restrict it to a small list of main providers? Plus the first option: you can log in from any server. Minus: we force the user to memorize and enter this long and incomprehensible address. Plus of the second option: convenience of input (we select the server from the list, we enter only login). Minus: forcibly restrict the user only to a specific list of authorization servers.
What to do here - everyone decides for himself. I chose the second path. In the end, it’s hard to find a regular user who doesn’t have a user account on Yandex, Rambler, LJ or Mail.ru (Google was very different in this regard - I honestly tried to understand how they did openID, but didn’t master it. If anyone can explain - write in the comments). So I made a list of the main servers from which the user chooses his ( see in action ).
So what is next?
Well, the authorization works, we are redirected to the right server and back, the script happily gives out "VALID". What to do next? Next, you need another page on which the user will be asked to fill out your profile. Suppose I need a region and city of residence from a user. E-mail is also not transmitted by all providers. In general, you need to look at the situation. After the profile is completed and created - we authorize, and then the user works as usual.
Underwater rocks
While I was screwing openID on my website, I had to spend a lot of nerve cells. First, what works on the local server will not necessarily work for the hoster (even with curl). I had to try other versions of the class (for the very first link in the article, two more options are available - class.openid.v2.php and class.openid.v3.php).
Another useful method in the class is GetAttribute (), which allows you to take profile parameters from an openID server (e-mail, full name, gender, etc. - for example, like this: $ openid-> GetAttribute ('email') ). True, in the second and third versions of the class it disappeared somewhere, so you need to add:
function GetAttribute ($ val)
{
return $ _GET ["openid_sreg _". $ val];
}
In general, it is possible to consider this a gentlemanly minimum, in order to run authorization on the openID in your project. I would appreciate additions and comments.
Today I want to share my experience in implementing authorization on openID on my My Books book site. The article is designed for beginners, so it is unlikely to interest those who already know all the nuances of this technology. Its main goal is to answer the question: “yes, this is convenient, but how can I do this in my project? !!”
')
Fast start
I didn’t want to poke around in large libraries, so the simple Simple OpenID PHP Class was taken as a basis.
To begin with, we need only two scripts from here: class.openid.php and openid-example.php. The first is the class itself for working with openID, the second is a sample of its use, which can be further developed to suit your goals. It's nice that much has been commented. In theory, if the server settings are correct, the test script should work in 5 minutes. From which 4 minutes left, oddly enough, to find out what the openID-identifier is.
OpenID list
OpenID is a great technology. But tell me - who thought up that in the role of his openID the user should indicate something like
http://id.rambler.ru/users/{}/ ? They want me to type it , and even every time instead of a pair of login-password? Sorry, it's easier for me to register as usual. This is the first. Secondly, I did not notice any uniformity in the identifier record: each provider comes up with the kind of URL that he likes. See for yourself: http://openid.yandex.ru/{login} http://openid.mail.ru/mail/{} http: // {login} .myopenid.com / http: // {login} .wordpress.com / http: // {login} .blogspot.com / http: // {login} .livejournal.com / http://www.liveinternet.ru/users/{login} http://id.rambler.ru/users/{}/ Thirdly, for some reason, these addresses do not appear on the pages of openID-providers. Yes, everybody declares their support, but try, say, to find this URL on the page
http://openid.mail.ru. That's it. I also had to be Sherlock Holmes for half a day before I made my list.
Convenience or arbitrary openID authorization
From the above, this implies: give the user the opportunity to enter an arbitrary openID URL, or restrict it to a small list of main providers? Plus the first option: you can log in from any server. Minus: we force the user to memorize and enter this long and incomprehensible address. Plus of the second option: convenience of input (we select the server from the list, we enter only login). Minus: forcibly restrict the user only to a specific list of authorization servers.
What to do here - everyone decides for himself. I chose the second path. In the end, it’s hard to find a regular user who doesn’t have a user account on Yandex, Rambler, LJ or Mail.ru (Google was very different in this regard - I honestly tried to understand how they did openID, but didn’t master it. If anyone can explain - write in the comments). So I made a list of the main servers from which the user chooses his ( see in action ).
So what is next?
Well, the authorization works, we are redirected to the right server and back, the script happily gives out "VALID". What to do next? Next, you need another page on which the user will be asked to fill out your profile. Suppose I need a region and city of residence from a user. E-mail is also not transmitted by all providers. In general, you need to look at the situation. After the profile is completed and created - we authorize, and then the user works as usual.
Underwater rocks
While I was screwing openID on my website, I had to spend a lot of nerve cells. First, what works on the local server will not necessarily work for the hoster (even with curl). I had to try other versions of the class (for the very first link in the article, two more options are available - class.openid.v2.php and class.openid.v3.php).
Another useful method in the class is GetAttribute (), which allows you to take profile parameters from an openID server (e-mail, full name, gender, etc. - for example, like this: $ openid-> GetAttribute ('email') ). True, in the second and third versions of the class it disappeared somewhere, so you need to add:
function GetAttribute ($ val)
{
return $ _GET ["openid_sreg _". $ val];
}
In general, it is possible to consider this a gentlemanly minimum, in order to run authorization on the openID in your project. I would appreciate additions and comments.
Source: https://habr.com/ru/post/93892/
All Articles