Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 188 lines (143 sloc) 8.676 kb
095988df »
2012-05-02 Updating readme
1 # OpenID component for CakePHP
2
3 ## Purpose
4
5 An OpenID component for CakePHP 1.x. Supports SReg (simple registration extension) and AX (attribute exchange).
6
7 ## Installation
8
9 * Copy the file `controllers/components/openid.php` to the `controllers/components` folder of your application or plugin
10 * Copy the `vendors/Auth` folder to one of your `vendors` folders (`vendors`, `app/vendors`, or `app/plugins/<pluginname>/vendors`)
11 * Add the component to the `$components` array of your controller(s)
12 * On Windows, add `define('Auth_OpenID_RAND_SOURCE', null)` to `app/config/bootstrap.php` to use an insecure random number generator because the default random number generator used (`/dev/urandom`) is not available on Windows
13
14 ### Using the MySQLStore (optional)
15
16 By default, the OpenID component stores all data in `app/tmp/openid`. To store those data in a MySQL database, please follow these steps:
17
18 * Copy the `vendors/pear` folder to one of your `vendors` folders
19 * Run the `openid.sql` script, available in `config/sql`, to create the necessary tables
20 * Configure the component to use a database by following one of these two steps:
21 * To use the `default` database configuration defined in `app/config/database.php`: `public $components = array('Openid' => array('use_database' => true));`
22 * To use another database configuration: `public $components = array('Openid' => array('database_config' => 'name_of_database_config'));`
23
24 ### Accepting Google Apps OpenIDs (optional)
25
26 By default, the OpenID component doesn't accept Google Apps OpenIDs. The reason it's disabled by default is that it introduces an additional request to Google every time the authentication process is started.
27
28 To enable support for Google Apps OpenIDs, use the following config setting: `public $components = array('Openid' => array('accept_google_apps' => true));`
29
30 ## Example application
31
32 There is a very simple example application available to show you how to use the OpenID component. Its source code is available in the [openid-component-example repo](https://github.com/cakebaker/openid-component-example/tree/cake_1.x), and you can see the application in action on http://openid-example.42dh.com.
33
34 ## Example usage
35
36 First, we need a login form:
37
38 ```php
39 <?php
40 // app/views/users/login.ctp
41 if (isset($error)) {
42 echo '<p class="error">'.$error.'</p>';
43 }
44 echo $form->create('User', array('type' => 'post', 'action' => 'login'));
45 echo $form->input('OpenidUrl.openid', array('label' => false));
46 echo $form->end('Login');
47 ?>
48 ```
49
50 Next, we have to write a controller to handle this form. Our controller has to perform the following tasks: show the login form, redirect the user to the OpenID provider after he submitted the login form, and last, but not least, handle the response from the OpenID provider.
51
52 ```php
25706e0c »
2012-05-02 Adding <?php to readme for syntax highlighting
53 <?php
095988df »
2012-05-02 Updating readme
54 // app/controllers/users_controller.php
55 class UsersController extends AppController {
56 public $components = array('Openid', 'RequestHandler');
57 public $uses = array();
58
59 public function login() {
60 $realm = 'http://' . $_SERVER['HTTP_HOST'];
61 $returnTo = $realm . '/users/login';
62
63 if ($this->RequestHandler->isPost() && !$this->Openid->isOpenIDResponse()) {
64 try {
65 $this->Openid->authenticate($this->data['OpenidUrl']['openid'], $returnTo, $realm);
66 } catch (InvalidArgumentException $e) {
67 $this->set('error', 'Invalid OpenID');
68 } catch (Exception $e) {
69 $this->set('error', $e->getMessage());
70 }
71 } elseif ($this->Openid->isOpenIDResponse()) {
72 $response = $this->Openid->getResponse($returnTo);
73
74 if ($response->status == Auth_OpenID_CANCEL) {
75 $this->set('error', 'Verification cancelled');
76 } elseif ($response->status == Auth_OpenID_FAILURE) {
77 $this->set('error', 'OpenID verification failed: '.$response->message);
78 } elseif ($response->status == Auth_OpenID_SUCCESS) {
79 echo 'successfully authenticated!';
80 exit;
81 }
82 }
83 }
84 }
85 ```
86 When testing this example, your OpenID provider might show you a warning that your site couldn't be verified (as far as I know only AOL shows such a warning). To get rid of this warning, please see the article [Enabling your application for return URL verification](http://cakebaker.42dh.com/2008/03/18/enabling-your-application-for-return-url-verification/).
87
88 ### Using the Simple Registration Extension (SReg)
89
90 The [Simple Registration Extension](http://openid.net/specs/openid-simple-registration-extension-1_0.html) allows you to retrieve nine commonly requested pieces of information: nickname, email, fullname, dob (date of birth), gender, postcode, country, language, and timezone. Please be aware that some OpenID providers (for example, Google) don't support SReg.
91
92 ```php
25706e0c »
2012-05-02 Adding <?php to readme for syntax highlighting
93 <?php
095988df »
2012-05-02 Updating readme
94 // app/controllers/users_controller.php
95 class UsersController extends AppController {
96 public $components = array('Openid', 'RequestHandler');
97
98 public function login() {
99 $realm = 'http://'.$_SERVER['HTTP_HOST'];
100 $returnTo = $realm . '/users/login';
101
102 if ($this->RequestHandler->isPost() && !$this->Openid->isOpenIDResponse()) {
103 $this->makeOpenIDRequest($this->data['OpenidUrl']['openid'], $returnTo, $realm);
104 } elseif ($this->Openid->isOpenIDResponse()) {
105 $this->handleOpenIDResponse($returnTo);
106 }
107 }
108
109 private function makeOpenIDRequest($openid, $returnTo, $realm) {
110 $required = array('email');
111 $optional = array('nickname');
112 $this->Openid->authenticate($openid, $returnTo, $realm, array('sreg_required' => $required, 'sreg_optional' => $optional));
113 }
114
115 private function handleOpenIDResponse($returnTo) {
116 $response = $this->Openid->getResponse($returnTo);
117
118 if ($response->status == Auth_OpenID_SUCCESS) {
119 $sregResponse = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
120 $sregContents = $sregResponse->contents();
121
122 if ($sregContents) {
123 if (array_key_exists('email', $sregContents)) {
124 debug($sregContents['email']);
125 }
126 if (array_key_exists('nickname', $sregContents)) {
127 debug($sregContents['nickname']);
128 }
129 }
130 }
131 }
132 }
133 ```
134
135 ### Using Attribute Exchange (AX)
136
137 [Attribute Exchange](http://openid.net/specs/openid-attribute-exchange-1_0.html) allows you to retrieve identity information from the OpenID provider, if supported. http://www.axschema.org/types contains a list with possible attribute names, though only a small subset is usually supported by the OpenID providers.
138
139 ```php
25706e0c »
2012-05-02 Adding <?php to readme for syntax highlighting
140 <?php
095988df »
2012-05-02 Updating readme
141 // app/controllers/users_controller.php
142 class UsersController extends AppController {
143 public $components = array('Openid', 'RequestHandler');
144
145 public function login() {
146 $realm = 'http://'.$_SERVER['HTTP_HOST'];
147 $returnTo = $realm . '/users/login';
148
149 if ($this->RequestHandler->isPost() && !$this->Openid->isOpenIDResponse()) {
150 $this->makeOpenIDRequest($this->data['OpenidUrl']['openid'], $returnTo, $realm);
151 } elseif ($this->Openid->isOpenIDResponse()) {
152 $this->handleOpenIDResponse($returnTo);
153 }
154 }
155
156 private function makeOpenIDRequest($openid, $returnTo, $realm) {
157 // some OpenID providers (e.g. MyOpenID) use 'schema.openid.net' instead of 'axschema.org'
158 $attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true, 'fullname');
159 $this->Openid->authenticate($openid, $returnTo, $realm, array('ax' => $attributes));
160 }
161
162 private function handleOpenIDResponse($returnTo) {
163 $response = $this->Openid->getResponse($returnTo);
164
165 if ($response->status == Auth_OpenID_SUCCESS) {
166 $axResponse = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
167
168 if ($axResponse) {
169 debug($axResponse->get('http://axschema.org/namePerson'));
170 debug($axResponse->getSingle('http://axschema.org/namePerson'));
171 }
172 }
173 }
174 }
175 ```
176
177 ## Troubleshooting
178
179 If you encounter signature validation errors, it could be because of bugs in the GMP math library. In this case, add the following constant to `app/config/bootstrap.php`: `define('Auth_OpenID_BUGGY_GMP', true);`
180
181 ## Contact
182
183 Feel free to contact me via Twitter ([@dhofstet](https://twitter.com/dhofstet)) or by email (daniel.hofstetter@42dh.com) if you have any questions or feedback.
184
185 ## License
186
187 The OpenID component is licensed under the MIT license.
Something went wrong with that request. Please try again.