7

我对实现 OpenID 很感兴趣,并且一直在阅读它,但仍有一些方面我有点困惑。

我已经看到了多个交互流程图和分步详细信息,例如这个,但它们都跳过了有关成功登录时发生的情况的详细信息。我读到的所有内容都类似于“成功登录后,用户被重定向回站点”。那么,我的网站如何知道登录成功?cookie 设置好了吗,我会收到 POST 回复吗?

例如,这是我包含的链接中的详细信息

9. User POSTs response to OpenID Server.
10. User is redirected to either the success URL or the failure URL returned in (5) depending on the User response

//this is the step that it says tells me I've had a succes/failure upon login
5. Consumer inspects the HTML document header for <link/> tags with the attribute rel set to openid.server and, optionally, openid.delegate. The Consumer uses the values in these tags to construct a URL with mode checkid_setup for the Identity Server and redirects the User Agent. This checkid_setup URL encodes, among other things, a URL to return to in case of success and one to return to in the case of failure or cancellation of the request

我不太确定如何解释。具体是什么告诉我登录成功?从我收集的信息来看,似乎标题中的某些内容已设置,但我如何访问它?假设我发现登录成功登录,这是否意味着我可以继续设置与我的网站相关的 cookie/会话?

编辑-我找到了 LightOpenID,它似乎适合我的需要,但我仍然有点不确定

我在 localhost 上对其进行了测试,并让谷歌登录工作。登录后,我收到一个 URL,例如

User https://www.google.com/accounts/o8/id?id=sdlkfjlkwliej9392010fjos has logged in.

检查代码,它是由以下生成的

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

我假设这意味着我只需检查 $openid->validate() 的登录信息?对于给定的谷歌帐户,$openid->identity 每次都相同吗?我假设是的,否则每次都无法跟踪用户。如果用户已经登录,我就可以设置 cookie、会话以及我认为必要的任何其他有趣的东西,对吧?

4

1 回答 1

1

这是我使用的一些代码:

require '../../php/lightopenid-lightopenid/openid.php';

if( isset( $_COOKIE[ 'claimed_id' ] ))
{
    $claimed_id = $_COOKIE[ 'claimed_id' ];
    try
    {

            if(!isset($_GET['openid_mode']))
            {
                            $openid = new LightOpenID;
                            $openid->identity = 'https://www.google.com/accounts/o8/id';
                            header('Location: ' . $openid->authUrl());
            }
            elseif($_GET['openid_mode'] == 'cancel')
            {
                    unset( $claimed_id );
                    setcookie( "claimed_id", 0, time() - 3600, "/" );
            }
            else
            {
                    $openid = new LightOpenID;

                    if( $openid->validate() )
                    {
                    // different login
                            if ( $_REQUEST[ 'openid_claimed_id' ] != $claimed_id )
                            {
                                    unset( $claimed_id );
                                    setcookie( "claimed_id", 0, time() - 3600, "/" );
                            }
                    }
                    else
                    {
                    // cant validate
                            unset( $claimed_id );
                            setcookie( "claimed_id", 0, time() - 3600, "/" );
                    }
            }
    }
    catch(ErrorException $e)
    {
            echo "Authentication error.";
            error_log( $e->getMessage() );
            exit;
    }
}

// fall through to rest of code...
于 2013-02-07T15:17:54.387 回答