3.6. OpenID Authentication

3.6.1. Introduction

Zend_Auth_Adapter_OpenId allows a web application to authenticate users through a remote OpenID server. In this authentication process the user submits only their OpenID identity to the web application. They are then redirected to their OpenID provider to prove ownership of the identity using a password or some other method. This password is never known to the local web application.

The OpenID identity is just an HTTP URL that points to a web page with suitable information about the user and special tags that describe which server to use and which identity to submit there. You can read more about OpenID at the official OpenID site.

The Zend_Auth_Adapter_OpenId class is a wrapper on top of the Zend_OpenId_Consumer component, which implements the OpenID authentication protocol itself.

Note

Zend_OpenId takes advantage of the GMP extension, where available. Consider enabling the GMP extension for better performance when using Zend_Auth_Adapter_OpenId.

3.6.2. Specifics

Like any other Zend_Auth adapter, the Zend_Auth_Adapter_OpenId class implements Zend_Auth_Adapter_Interface, which defines one method: authenticate(). This method performs the authentication itself, but the object must be prepared before calling it. This preparation includes setting the OpenID identity and some other Zend_OpenId-specific options.

However, unlike other Zend_Auth adapters, it performs authentication on an external server, and this takes two separate HTTP requests. So Zend_Auth_Adapter_OpenId::authenticate() must be called twice. The first time, the method does not return; it redirects the user to their OpenID server. After authenticating on the server, the user is redirected back, and the script handling this second request must call Zend_Auth_Adapter_OpenId::authenticate() again to verify the signature that comes with the redirected request from the server and to complete the authentication process. This time the method returns a Zend_Auth_Result object as expected.

The following example shows the usage of Zend_Auth_Adapter_OpenId. As noted above, Zend_Auth_Adapter_OpenId::authenticate() is called twice: the first time after the HTML form is submitted, when $_POST['openid_action'] is set to "login", and the second time after the HTTP redirect from the OpenID server, when $_GET['openid_mode'] or $_POST['openid_mode'] is set.

<?php
require_once "Zend/Auth.php";
require_once "Zend/Auth/Adapter/OpenId.php";

$status = "";
$auth = Zend_Auth::getInstance();
if ((isset($_POST['openid_action']) &&
     $_POST['openid_action'] == "login" &&
     !empty($_POST['openid_identifier'])) ||
    isset($_GET['openid_mode']) ||
    isset($_POST['openid_mode'])) {
    // First request: the identifier comes from the form and authenticate()
    // redirects to the OpenID server. Second request: the identifier is
    // absent and authenticate() verifies the server's signed response.
    $id = isset($_POST['openid_identifier']) ? $_POST['openid_identifier'] : null;
    $result = $auth->authenticate(new Zend_Auth_Adapter_OpenId($id));
    if ($result->isValid()) {
        // The identity is a user-supplied URL: escape it before output.
        $status = "You are logged-in as "
                . htmlspecialchars($auth->getIdentity(), ENT_QUOTES, 'UTF-8')
                . "<br>\n";
    } else {
        $auth->clearIdentity();
        foreach ($result->getMessages() as $message) {
            $status .= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "<br>\n";
        }
    }
} else if ($auth->hasIdentity()) {
    if (isset($_POST['openid_action']) &&
        $_POST['openid_action'] == "logout") {
        $auth->clearIdentity();
    } else {
        $status = "You are logged-in as "
                . htmlspecialchars($auth->getIdentity(), ENT_QUOTES, 'UTF-8')
                . "<br>\n";
    }
}
?>
<html><body>
<?php echo $status; ?>
<form method="post"><fieldset>
<legend>OpenID Login</legend>
<input type="text" name="openid_identifier" value="">
<input type="submit" name="openid_action" value="login">
<input type="submit" name="openid_action" value="logout">
</fieldset></form></body></html>

The OpenID authentication process can be customized in several ways: receiving the redirect from the OpenID server on a separate page, specifying the "root" of the web site, and using a custom Zend_OpenId_Consumer_Storage or a custom Zend_Controller_Response. It is also possible to use the Simple Registration Extension to retrieve information about the user from the OpenID server. All of these possibilities are described in more detail in the Zend_OpenId_Consumer reference.
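Several of these customizations combined in one login script, as an added example that is not part of the original manual: it sets an explicit return URL and site root and requests Simple Registration fields. The host www.example.com, the path /openid/login.php, the helper h() and the chosen fields are assumptions; the constructor arguments follow the Zend Framework 1 order (identity, storage, returnTo, root, extensions).

```php
<?php
// Added example: not part of the Zend Framework manual.
require_once 'Zend/Auth.php';
require_once 'Zend/Auth/Adapter/OpenId.php';
require_once 'Zend/OpenId/Extension/Sreg.php';

// Assumed deployment values (placeholders).
$root     = 'https://www.example.com/';                 // "root" of the web site
$returnTo = 'https://www.example.com/openid/login.php'; // page the provider redirects back to

// Hypothetical helper: escape anything that came from the user or the provider.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Simple Registration request: true = required field, false = optional field.
// The same extension object is passed on both requests so that the second one
// can read the values returned by the provider.
$sreg = new Zend_OpenId_Extension_Sreg(
    array('nickname' => true, 'email' => false), null, 1.1);

$isLogin  = isset($_POST['openid_action'])
         && $_POST['openid_action'] === 'login'
         && !empty($_POST['openid_identifier'])
         && is_string($_POST['openid_identifier']);
$isReturn = isset($_GET['openid_mode']) || isset($_POST['openid_mode']);

$auth   = Zend_Auth::getInstance();
$status = '';
if ($isLogin || $isReturn) {
    // Request 1: identity given, authenticate() redirects to the provider.
    // Request 2: identity is null, authenticate() verifies the signed response.
    $identity = $isLogin ? $_POST['openid_identifier'] : null;
    $adapter  = new Zend_Auth_Adapter_OpenId($identity, null, $returnTo, $root, $sreg);
    $result   = $auth->authenticate($adapter);
    if ($result->isValid()) {
        $status = 'Logged in as ' . h($auth->getIdentity()) . "<br>\n";
        // Sreg values are asserted by the provider: display them, escaped.
        foreach ($sreg->getProperties() as $name => $value) {
            $status .= h($name) . ': ' . h($value) . "<br>\n";
        }
    } else {
        $auth->clearIdentity();
        foreach ($result->getMessages() as $message) {
            $status .= h($message) . "<br>\n";
        }
    }
}
echo $status;
```

To receive the redirect on a separate page, point $returnTo at that page and build the adapter there with a null identity and the same extension object.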
