所以我试图掌握 OpenID,我觉得我理解了这个理论,等等......现在它来实现它了。我有一个非常基本的设置,可以向谷歌提供者地址发送一个 curl 请求。
https://www.google.com/accounts/o8/id
解析返回的 XRDS xml 文件
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/server</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
<Type>http://specs.openid.net/extensions/pape/1.0</Type>
<URI>https://www.google.com/accounts/o8/ud</URI>
</Service>
</XRD>
</xrds:XRDS>
从他们的 XRDS 文档中检索到 google 的实际提供程序后,我使用此功能重定向...
public function RedirectToEndpoint() {
$params = array();
$params['openid.mode'] = 'checkid_setup';
$params['openid.ns'] = 'http://specs.openid.net/auth/2.0';
$params['openid.claimed_id'] = 'http://specs.openid.net/auth/2.0/identifier_select';
$params['openid.identity'] = 'http://specs.openid.net/auth/2.0/identifier_select';
$params['openid.return_to'] = $this->URLs['return_to'];
$params['openid.realm'] = $this->URLs['realm'];
$join = stripos($this->URLs['openid_server'], '?') ? '&' : '?';
$redirect_to = $this->URLs['openid_server'] . $join . $this->array2url($params);
if (headers_sent()){ // Use JavaScript to redirect if content has been previously sent (not recommended, but safe)
echo '<script language="JavaScript" type="text/javascript">window.location=\'';
echo $redirect_to;
echo '\';</script>';
}else{ // Default Header Redirect
header('Location: ' . $redirect_to);
}
}
array2url 是一个简单的函数,它将 assoc 数组 $params 转换为追加到查询字符串。
生成的url是这样的...
https://www.google.com/accounts/o8/ud?openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.return_to=http://learn.local/openid/return.php&openid.realm=http://learn.local/openid/index.html&
然而,你最终在一个页面请求是无效的。还有一个不错的 400 Bad Request.. 有什么想法吗?