Xeoncross Posted May 31, 2008 Share Posted May 31, 2008 Well, I have spent several days working on learning the OpenID system (in PHP) and I am still wondering about some things. I figured I would start with the specs for authentication version 1.1. As OpenID 2.0 is more complex. However, after reading this great getting started guide and watching some movies on youtube and else where I started downloading API's/Scripts and looking at them. These Classes have helped me the most: http://siege.org/projects/phpMyID/ http://sux0r.cvs.sourceforge.net/sux0r/sux0r2/includes/suxOpenID.php?view=markup http://www.phpclasses.org/browse/package/3290.html http://wiki.guruj.net/Clamshell!Home http://www.intertwingly.net/blog/2007/01/03/OpenID-for-non-SuperUsers However, in the OpenID 1.1 there are only FOUR funtions - and they seem to be Consumer or Provider specific. This Logic flow chart shows the order that the API's are to be called - but I am having trouble wrapping my mind around the whole thing when some of the PHP classes I download are 20 files and over 300k! Why is the Spec for 1.1 so simple but the lib's so complex? Can anyone map the function names to the logic flow? - that would REALLY help me! If someone could just help me get into the right way of looking at this I could finish my understanding. Kind of like back when we each needed a little help with OOP... Quote Link to comment Share on other sites More sharing options...
Xeoncross Posted May 31, 2008 Author Share Posted May 31, 2008 Well, this is the best I have so far as to the logic of the system. ////Consumer\\\\ //first the user enters the URL of there openid Provider function no_mode()-> user enters openid url -> submit //Next, the consumer fetches the OpenID page given by User and finds the server function get_server()-> //then checks to see if a shared secret exists with IDP. //If not, the consumer tries to make one with the Provider. //(creates one, stores it, and sends it to the IDP) function associate_mode() //After a secret is shared - send user to IDP and wait for answer function send_checkid() ////ID Provider\\\\ //IDP receives request for OpenID URL //checks if user is logged in and owns the oID URL function check_id(){ //If user doesn't own URL -> Return FALSE //If user is not logged in -> Return FALSE -> Send user to login form //If user is logged in and owns ID -> ask if allow this host -> Return Allow Host form -> TRUE/FALSE //(return user to return_to) } ////Consumer\\\\ //Get's response back from IDP function receive_response() //if shared secret for this server //verify secret using that cached secret -> 'WELCOME USER' //IF no secret function check_authentication() { //if valid return -> 'WELCOME USER' //IF false return -> 'Denied'; } } Quote Link to comment Share on other sites More sharing options...
conner_bw Posted November 6, 2008 Share Posted November 6, 2008 Hi, I'm the author of sux0r. Just letting you know that the OpenID 1.1 implementation is now stable. It acts both as a consumer and a provider, allowing to easily set up your own OpenID powered site, for example this is (one of) my OpenID URL. More info: http://www.sux0r.org/ Sourcecode: https://sourceforge.net/projects/sux0r/ Thanks. Quote Link to comment Share on other sites More sharing options...
Xeoncross Posted November 9, 2008 Author Share Posted November 9, 2008 Hey, I remember finding your system a couple months ago! Looks good, thanks for the link I'll check it out. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.