OpenID / OAuth Hybrid PHP Sample Code
The sample code contained in this project is intended to be used to integrate support for OpenID / OAuth hybrid on an external website. This project contains several files that are required for integration:
- index.html – The form to initiate the OpenID / OAuth process
- auth.php – Performs the discovery and authorization of the user
- complete.php – Completion page following the user authorization and integrates the OAuth support
- includes.php – Common configuration URLs, file locations and functions. URLS, FILE LOCATIONS and OAUTH KEYS / APPID NEED TO BE UPDATED WITH YOUR OWN FILES, URLS AND DATA.
- xrds.php – The XRDS file to validate your domain during OpenID domain discovery to avoid warning messages. See “Setting up This Example” section for full details.
This sample code requires the 2.×.x version of the PHP OpenID library to function. Please download this library from http://openidenabled.com/php-openid/. Within the archive is a folder titled “Auth” – copy this folder at the same level as the files in this project.
This sample code requires the OAuth PHP library located at http://oauth.googlecode.com/svn/code/php/OAuth.php. This file needs to be copied to the same folder as the files located in this project.
Setting Up This Example
To set up this example, there are several steps that need to be taken:
- Go to https://developer.apps.yahoo.com/projects and create a new project. Select the option for “OAuth Application”. Once this project is completed you will be provided with a consumer key, consumer secret and application id.
- Within includes.php, input the consumer key into the $key variable, the consumer secret into the $secret variable and the application id into the $appid variable.
- Within includes.php, replace the $base_url variable with the absolute path to the complete.php file on your server
This section will guide you through the setup of your XRDS file. This file is intended to bypass messages provided during authentication stating that your OpenID site’s identity is not confirmed, as described at http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html.
To complete this integration, the following steps must be iterated upon:
- Edit the <URI> node in the xrds.php file to point to the complete.php file on your server
- Copy the xrds.php file to your website
- On the root page served up by your domain (e.g. /index.html) add a meta tag in the head to link to the xrds file you just uploaded. This meta tag will look like <meta http-equiv=“X-XRDS-Location” content=“http://www.mydomain.com/xrds.php”/>
- Your domain should should now be discoverable through the OpenID process.
This project only accepts contributions licensed under the BSD open source license. See the Open Source Initiative’s approved template below.
Each file submitted should contain the following information in the header:
// Created by Jonathan LeBlanc
// Copyright © Jonathan LeBlanc, 2010. All Rights Reserved.
// Licensed under the BSD (revised) open source license.
Below is the Open Source Initiative BSD License Template (http://opensource.org/licenses/bsd-license.php):
Copyright © <2010>, <Jonathan LeBlanc>
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Neither the name of the nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.