Let users authenticate with OpenID
Add as a submodulegit submodule add https://github.com/alpacaaa/openid_auth.git extensions/openid_auth --recursive
This is a Symphony CMS extension that allow users to authenticate with their OpenID.
- Author: Marco Sampellegrini (alpacaaa)
- Github repository: http://github.com/alpacaaa/openid_auth/
- Release date: 4th April 2012
- Version: 0.3
Enable the extension as always. During the authentication process, the library needs to store some data. There are quite a few adapter available, but the most straightforward and simple is to use a file based store. All you need to do is to designate a writable folder for this purpose.
It's better to keep it out of your public directory, but it isn't required.
Add a new entry to your
manifest/config.php with the absolute path of the folder:
'openid-auth' => array( 'store-path' => '~/top-secret/id_store' ),
If you don't provide any path,
EXTENSIONS. '/openid_auth/id_store' will be used instead.
Just make sure it is writeable.
Installing from git
Remember to initialize modules.
cd extensions git clone git://github.com/alpacaaa/openid_auth.git cd openid_auth git submodule update --init
At its core the extension provides two events: OpenID Authentication and OpenID Data. You need to attach both to your page and use a form like this to allow login:
<form method="get" action=""> <p> OpenID identifier: <input type="text" name="openid-identifier" /> <input type="submit" /> </p> </form>
If the authentication went fine, OpenID Data event will append to your xml the identifier of the user.
There are a few features that is worth noting.
Along with the extension comes a
providers.json file which lists most of the well known OpenID providers.
You should let the user choose between a set of providers so that he/she just needs to insert the username.
OpenID selector, which empower StackOverflow login page (quite cool).
OpenID Authentication event attach this list as xml to your frontend.
Simple Registration Extension
From the spec page:
OpenID Simple Registation is an extension to the OpenID Authentication protocol that allows for very light-weight profile exchange. It is designed to pass eight commonly requested pieces of information when an End User goes to register a new account with a web service.
In short you can request, along with the user identifier, other information such as fullname or date of birthday. The full list of parameters can be found here: http://openid.net/specs/openid-simple-registration-extension-10.html#responseformat
There are two ways to request parameters.
- (Sucks) Send them with your form.
Just include two additional hidden inputs to your form and name them
They have to be array, so use a syntax like this:
<input type="hidden" name="required-fields" value="fullname" /> <input type="hidden" name="required-fields" value="language" />
This method is ok only when you have optional fields but in fact should be avoided.
- (Best) Store them in your
Add a new entry to your config file that looks like this:
'openid-auth' => array( 'sreg-required-fields' => 'fullname, dob', 'sreg-optional-fields' => 'language' ),
Yeah, that was easy.
After a succesful authentication, a new delegate is fired:
For an example callback, have a look at
Basically, it just provides the identifier and the simple registration data, if any. This is useful to store the user in your database, or associate his/her OpenID with an already existing member.
There's an issue with google apps authentication which the awesome Stephen has spotted.
It might have been fixed since I initially wrote the extension, we'll never know :
Integration with members extension
Requires Symphony 2.3
Requires Symphony 2.1.0