0

所以我找到了这个browserid.org,然后找到了这个[browserid.org/developers],并决定尝试这种新的身份验证方法,即browserID。在深入研究了我能找到的唯一半官方示例(browserid_favbeer_example)并来回切换到 3 个简单步骤页面后,我仍然感到困惑。我搜索了一下,发现了一个,javascript 实现可以很容易地利用(现在),两个,来自一个非常好的人,下面的例子。我注意到它丢失的第一件事是注销。如果有人可以帮助我完成注销,将不胜感激。

<?php
/*
 * Simple implementation of Mozilla BrowserID (see https://browserid.org/)
 * Author : Guillaume <guillaume@atto.be>
 */
/*
 * Usage :
 *
$browserid = new BrowserID('mywebserver.com', $_POST['assertion']);
if($browserid->verify_assertion())
{
      echo('Welcome, your email is '.$browserid->get_email());
}
 */
class BrowserID
{
  private $audience;
  private $assertion;
  private $email;
  private $validity;
  private $issuer;
  private function post_request($url, $data)
  {
    $params = array('http' => array('method' => 'POST', 'content' => $data));
      return stream_get_contents($fp);
    }
    else
    {
      return FALSE;
        }
      }
      public function BrowserID($audience, $assertion)
      {
        $this->audience = $audience;
        $this->assertion = $assertion;
      }
      /*
       * Send the assertion to the browserid.org server (this must be over HTTPS)
       * The response is read to determine is the assertion is authentic
       */
      public function verify_assertion()
      {
                if(isset($result['status']) && $result['status'] == 'okay')
        {
          $this->email = $result['email'];
          $this->validity = $result['valid-until'];
          $this->issuer = $result['issuer'];
          return true;
        }
        else
        {
          return false;
        }
      }
      public function get_email()
      {
    return $this->email;
  }
  public function get_validity()
    return $this->email;
  }
  public function get_validity()
 * Usage :
 *
$browserid = new BrowserID('mywebserver.com', $_POST['assertion']);
if($browserid->verify_assertion())
{
  echo('Welcome, your email is '.$browserid->get_email());
}
 */
class BrowserID
{
  private $audience;
  private $assertion;
  private $email;
  private $validity;
  private $issuer;
  private function post_request($url, $data)
  {
    $params = array('http' => array('method' => 'POST', 'content' => $data));
      return stream_get_contents($fp);
    }
    else
    {
      return FALSE;
    }
  }
  public function BrowserID($audience, $assertion)
  {
    $this->audience = $audience;
    $this->assertion = $assertion;
  }
  /*
   * Send the assertion to the browserid.org server (this must be over HTTPS)
   * The response is read to determine is the assertion is authentic
   */
  public function verify_assertion()
  {
    if(isset($result['status']) && $result['status'] == 'okay')
    {
      $this->email = $result['email'];
      $this->validity = $result['valid-until'];
      $this->issuer = $result['issuer'];
      return true;
    }
    else
    {
      return false;
    }
  }
  public function get_email()
  {
    return $this->email;
  }
  public function get_validity()
  {
    return $this->validity;
  }
  public function get_issuer()
  {
    return $this->issuer;
  }
}// end class BrowserID
$browserid = new BrowserID($_SERVER['HTTP_HOST'], $_POST['assertion']);
if($browserid->verify_assertion())
{
  echo('Welcome '.$browserid->get_email());
}
else
{
  echo('Identification failure');
}
?>
4

2 回答 2

1

我希望现在回答你的问题还为时不晚。它在 BrowserID 邮件列表中被注意到,但不幸的是没有人回来回答你。

使用 BrowserID 进行身份验证后,您设置了一个身份验证 cookie,并根据 cookie 确定用户是否有效。然后要注销,您向用户提供一个链接,让您删除该 cookie。

于 2011-11-25T23:10:35.560 回答
0

Joe 的回答是正确的,Persona 不会取代您现有的会话管理,因此您仍然需要创建和删除 cookie。

但是,新的 Persona/BrowserID API 现在具有您应该调用的 navigator.id.logout() 函数,以及 navigator.id.watch() 中的“onlogout”回调,您可以在其中指定用户注销时会发生什么(即 cookie 被删除):

https://developer.mozilla.org/en-US/docs/DOM/navigator.id#ObserverMethods

于 2012-10-11T19:35:03.910 回答