Quick start with openID

    Good afternoon friends.

    Today I want to share my experience in implementing openID authorization on my book site My Books. The article is intended for beginners, so it is unlikely to interest those who already know all the nuances of this technology. Its main purpose is to answer the question: “yes, it’s convenient, but how can I do this in my project? !!”

    Quick start

    I didn’t have any desire to poke around in large libraries, so the simple Simple OpenID PHP class was taken as the basis Class .

    To get started, we need only two scripts: class.openid.php and openid-example.php. The first is the class itself for working with openID, the second is an example of its use, which can be further developed for your purposes. It's nice that a lot has been commented. In theory, with the correct server settings, the test script should work after 5 minutes. Of which 4 minutes, oddly enough, it took to figure out what an openID identifier is. OpenID


    OpenID is a great technology. But tell me - who invented that in the role of his openID, the user should specify something like
    ? They want me to type this , and even each time instead of a pair of login-password ?! Sorry, it’s easier for me to register as usual. This is the first. Secondly, I did not notice any uniformity in the identifier record: each provider invents the kind of URL that he pleases. See for yourself:



    http: // {login} .myopenid.com /

    http: // {login} .wordpress.com /

    http: // {login} .blogspot.com /

    http: // {login} .livejournal.com /



    Thirdly, for some reason, these addresses do not appear on the pages of openID providers. Yes, everyone declares their support, but try, say, find this URL on the page
    . That's it. I also had to become Sherlock Holmes for half a day before I made my list.

    Convenience or arbitrary openID authorization

    From the foregoing, the following point follows: give the user the ability to enter an arbitrary openID URL, or limit it to a small list of the main providers? Plus the first option: you can log in from any server. Minus: force the user to remember and enter this long and incomprehensible address. Plus the second option: ease of entry (select the server from the list, enter only the login). Minus: forcibly restrict the user to only a certain list of authorization servers.

    What to do here - everyone decides for himself. I chose the second way. In the end, it’s hard to find an ordinary user who does not have an account on Yandex, Rambler, LiveJournal or Mail.ru (Google was very different in this regard - I honestly tried to understand how they made openID, but didn’t master it. If anyone something can explain - write in the comments). So I made a list of the main servers from which the user selects his own ( see in action ).

    What next?

    Well, authorization works, it redirects us to the necessary server and vice versa, the script joyfully issues “VALID”. What to do next? Next, you need another page on which the user will be asked to replenish their profile. Let's say I need a region and a city of residence from a user. Not all providers send email too. In general, you need to look at the situation. After the profile is completed and created, we authorize, and then the user works as usual.

    Underwater rocks

    While screwing openID on my site, I had to spend a lot of nerve cells. Firstly, what works on the local server will not necessarily work on the host (even with curl). I had to try other versions of the class (by the very first link in the article two more options are available - class.openid.v2.php and class.openid.v3.php).

    Another useful method in the class is GetAttribute (), which allows you to take profile parameters from an openID server (e-mail, full name, gender, etc. - for example, like this: $ openid-> GetAttribute ('email') ) However, in the second and third versions of the class, it disappeared somewhere, so you need to add:

    function GetAttribute ($ val)
    return $ _GET ["openid_sreg _". $ Val];

    In general, this can be considered a gentlemanly minimum to run openID authorization in your project. I would be grateful for additions and comments.

    Also popular now: