I thought that since I had done "something" with this previously, I'd open up some discussion as to tools and techniques for anyone who has the time and might be willing to publish an integration.
this OpenID class makes the job a whole lot easier.. if you don't use it, it's at the very least a valuable reference. The demo script (included) details how to set "required" (we need nickname and email. still needs server side valid.) fields as well as optional fields (timezone, gender, blah). After submitting your OpenID URL into the form, you'll either get some failure junk (try again) or a bunch of "requested/required" vars in the $_GET .. if there are no errors and all of your required/requested info is available, go to the database to see if there is a user by that nickname (openid_identity URL) and email (and that no other users possess either/or), if so, log them in, if not create the account then log them in in one swoop.
OpenID is not an authentication system. it's an identity system. if it were to be used as an authentication method, i'd recommend setting up a restrictive (untrusted) group specifically for OpenID users.. if you set up another table to track their logins, you could move them out of the untrusted group after a designated "trial" period.
that's all i've got.. maybe it's useful.
edited by: InvalidResponse, Mar 10, 2007 - 02:50 PM
OpenID Integration
-
- Rank: Software Foundation
- Registered: Sep 03, 2002
- Last visit: May 09, 2010
- Posts: 909
I found a screencast explaining how OpenID really works. And it looks quite interesting to me:
http://simonwillison.net/2006/openid-screencast/
IMHO OpenID-users are as trustworthy as any other. You can always use some e-mail and register...
--
best regards from Kiel, sailing city
Steffen Voss
Member of the Zikula Steering Committee
Read The Zikulan's Blog "If you want people to RTFM, make a better FM!" -
**unknown user**
- Rank: Senior
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 2204
Hi Steffen,
Quote
IMHO OpenID-users are as trustworthy as any other. You can always use some e-mail and register...
It depends. if the authentication is based off of a user name and an email address, it's very easy to create a new "persona" (same nick name with the same email address) to authenticate against and access someone else's account.. using the OpenID (URL) as the user name is more unique than a nickname (ie: johndoe vs. johndoe.myopenid.com) .. also, you are allowed to edit/change your persona/nickname at any time, making it even less reliable, whereas the URL is more "permanent" and unique... it's also the entry point for the user where their password is required to approve the login.
..should be pretty straightforward, particularly with the multiple auth systems in .8. -
- Rank: Software Foundation
- Registered: Sep 03, 2002
- Last visit: May 09, 2010
- Posts: 909
There should not be a johndoe and a johndoe.myopenid.com - johndoe.myopenid.com is the login-name for the user johndoe, isn't it?
--
best regards from Kiel, sailing city
Steffen Voss
Member of the Zikula Steering Committee
Read The Zikulan's Blog "If you want people to RTFM, make a better FM!" -
**unknown user**
- Rank: Senior
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 2204
when you set up the account, it's johndoe, but you can edit the persona changing johndoe (nick name) to johnsmith.. even the email. you can create various personas with different names and email addresses after the initial account creation.. so the only "truly" authentic identifier is the OpenID URL, which the initial username (nick) remains part of ..
PS: openid_identity (the users ID server/thingy) is always present in the return parameters after they authenticate.
edited by: InvalidResponse, Mar 08, 2007 - 11:51 PM -
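The point made in the two posts above, that persona fields can be edited while the openid_identity URL cannot, as an added example (not part of the thread or of the POC module). It assumes the response has already been verified by the OpenID library; the user store, helper names and sample values are constructed.

```php
<?php
// Constructed account store: 'identity' is the verified openid_identity URL.
$users = [
    ['uid' => 2, 'identity' => 'http://johndoe.myopenid.com/',
     'nickname' => 'johndoe', 'email' => 'john@example.org'],
];

// Hypothetical helper: canonical form of an identity URL for comparison.
function normalizeIdentity(string $url): ?string
{
    // Scheme and host are case-insensitive; path and query are kept as-is.
    if (!preg_match('~^(https?://[^/?#]+)(.*)$~i', trim($url), $m)) {
        return null;
    }
    return strtolower($m[1]) . ($m[2] === '' ? '/' : $m[2]);
}

// Weak lookup: matches on persona fields the user can edit at the provider.
function findByPersona(array $users, array $resp): ?array
{
    foreach ($users as $u) {
        if ($u['nickname'] === ($resp['openid_sreg_nickname'] ?? null)
            && $u['email'] === ($resp['openid_sreg_email'] ?? null)) {
            return $u;
        }
    }
    return null;
}

// Hardened lookup: the identity URL is the only account key.
function findByIdentity(array $users, array $resp): ?array
{
    $id = normalizeIdentity($resp['openid_identity'] ?? '');
    foreach ($users as $u) {
        if ($id !== null && normalizeIdentity($u['identity']) === $id) {
            return $u;
        }
    }
    return null;
}

// Constructed response: a different OpenID whose persona copies johndoe's fields.
$resp = [
    'openid_identity'      => 'http://someone-else.myopenid.com/',
    'openid_sreg_nickname' => 'johndoe',
    'openid_sreg_email'    => 'john@example.org',
];
// Whether each lookup resolves this response to an existing account.
var_dump(findByPersona($users, $resp) !== null, findByIdentity($users, $resp) !== null);
```

The persona lookup resolves the copied nickname and email to the existing account, while the identity lookup finds no match and would fall through to creating a new, separate account.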
**unknown user**
- Rank: Senior
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 2204
well, i decided i'd poke at it and build an auth module for .8 .. the uname field is too small to accommodate the openid_identity, so I had to make that larger (since users can't change that field) .. there's also a check on the uname and email fields that prevents it from being a standard auth module..bummer. so it ends up being a hack, but whatever. if anyone wants to finish it off, take a look at it, or whatever, you can find it here .. it's a working POC, but it's ugly, just the basics.. definitely do not install on a live site ..
ps: read the top of the pnuser.php file
edited by: InvalidResponse, Mar 10, 2007 - 02:51 PM
