I've been looking at implementing OpenID authentication to one of my websites and want to find the best possible solution to make it as easy as possible for users to sign up / in.
Through my long searches on Google I found a few sites that have already covered this in quite a bit of detail; Usability Research on Federated Login was written by Google, so I feel that they are pretty trustworthy design patterns for a best use scenario.
Now in coming to implement this I have found very little PHP support for logins that are done in this manner; the user only has to type in an email address and all of the OpenID details are found automagically. It should also be compatible with Google Apps addresses.
Google provided a link to a great example of this in action http://www.puffypoodles.com/lso2 but although its source code is available to download, it's written in Java, which I'm far from familiar with!
So I was wondering if anyone had found a good PHP implementation that functioned in this manner. php-openid seems too bloated, lightopenid looks great, but doesn't support this functionality.
Thanks
I'd just like to point out that LightOpenID now comes with an example provider script you might use as a base.
I'm trying to understand the use cases for which implementing oAuth as a service provider is the way to go. It seems that implementing an oAuth service is a lot of work, so I don't want to go through the trouble just to discover I was barking up the wrong tree. Any examples of such use cases to help me wrap my head around when to use or not use oAuth?
This question is related to another question I asked but they deserved to be separate questions. I provide detail on my specific use case here:
Implementing access with oAuth or other
OAuth is typically used when you want to provide a single point of authentication for multiple services, or if you want to integrate an application with an existing authentication service; e.g., if you wanted your users to log in with their Twitter account information.
In my experience, the only time I've had reason to implement an OAuth authentication service was because we had 3 very different applications running on different platforms (JBoss, LAMP, and ASP.NET) on different servers. To compensate for different databases and different technologies, we settled on an OAuth implementation and centralized authentication to one point. It also provided an excellent means of securing user information between servers; data is encrypted between OAuth Server and Client, making it harder to jeopardize.
It really depends on what you're trying to do. If you're just talking about one application, then OAuth is definitely too much too soon. If you're talking about a few applications that run on the same technologies, then you may or may not have to go with OAuth; you could just use the existing data store to authenticate with. If you're looking to scale out to multiple systems, or you're thinking of implementing a single sign-in type of service, then OAuth is definitely a consideration.
OAuth has a few things going for it:
1) OAuth is a fairly well known standard, which means there is quite a bit of information available about it, code libraries in a variety of languages and platforms, etc. This may be the most important aspect if you are trying to get widespread adoption of your site/service (ala Twitter, FB, etc)
2) OAuth has been reasonably validated from a security perspective so you don't have to worry (too much) whether it is conceptually sound. Your implementation of course is another matter...
3) As mentioned by others, OAuth is well suited for distributed/federated scenarios. This allows you to outsource the authentication responsibility (for example, Microsoft's Azure can do OAuth authentication on your behalf) and/or share credentials across multiple services.
Hope this helps!
I want to integrate OpenID authentication into my PHP application. It must support authentication from Yahoo, Google, AOL, MSN/Hotmail/Live (not sure if it supports OpenID).
I have tried searching Google and have been able to come up with anything useful. I will really appreciate advice and links to good tutorials.
Thanks in anticipation.
This looks like a pretty solid tutorial covering the Google part.
Googling for 'php openid implementation tutorial' yields lots of relevant links.
Good luck!
Take a look at Janrain Engage. With the free version you can choose 6 different providers.
EDIT:
They provide a single API for authentication using OpenID and other authentication methods. Services like Twitter, Facebook and Windows Live don't use OpenID but some other method (i.e. Twitter uses something based on OAuth). Instead of implementing every method yourself you can use one single unified API.
I absolutely love StackOverflow's usage of OpenID for registration. How would I go about adding this to my site? It is PHP based. I went to openid.net and looked at the libraries there, but could find little in the way of documentation or examples.
This tutorial was helpful for a previous project I worked on using PHP and OpenID. It has an example app.
http://devzone.zend.com/article/3581
(source: zend.com)
Documentation and examples.
OpenID is great, but has one big disadvantage. Let's imagine that I have a Google account and a Yahoo account. I will log in using Google and then I will try to log in using Yahoo. And they will be different accounts; it's really difficult to remember which OpenID provider I was using for registration... So, be careful with OpenID on entertainment websites, but it is still OK for developers' websites.
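The duplicate-account problem described in the answer above is commonly handled by letting a signed-in user attach further identifiers to the same local account. This is an added example, not part of the original answers: `IdentityStore` and the sample identifiers are hypothetical, and each claimed identifier is assumed to have already been verified by the OpenID library before it reaches this code.

```php
<?php
// Added example: hypothetical in-memory store. A real site would use a database
// table with a UNIQUE constraint on the claimed identifier column.
final class IdentityStore
{
    /** @var array<string,int> verified claimed identifier => local user id */
    private array $byIdentifier = [];
    private int $nextUserId = 1;

    /** Return the local account bound to this identifier, or null if unknown. */
    public function findUser(string $claimedId): ?int
    {
        return $this->byIdentifier[$claimedId] ?? null;
    }

    /** First login with an identifier nobody has used: create a new account. */
    public function register(string $claimedId): int
    {
        if (isset($this->byIdentifier[$claimedId])) {
            throw new RuntimeException('identifier already registered');
        }
        $userId = $this->nextUserId++;
        $this->byIdentifier[$claimedId] = $userId;
        return $userId;
    }

    /** Attach another provider to an account whose owner is already signed in. */
    public function link(int $signedInUserId, string $claimedId): void
    {
        $owner = $this->findUser($claimedId);
        if ($owner !== null && $owner !== $signedInUserId) {
            // Never silently merge or re-point: that would hand over the account.
            throw new RuntimeException('identifier belongs to another account');
        }
        $this->byIdentifier[$claimedId] = $signedInUserId;
    }
}

// Constructed sample identifiers, not real provider values.
$providerOne = 'https://idp-one.example/id?u=constructed-1';
$providerTwo = 'https://idp-two.example/a/constructed-2';

$store = new IdentityStore();
$userId = $store->register($providerOne);   // first visit, signed in via provider one
var_dump($store->findUser($providerTwo));   // provider two is not bound to any account yet
$store->link($userId, $providerTwo);        // done from the account page while signed in
var_dump($store->findUser($providerTwo) === $userId); // both identifiers now reach one account
```

Linking only happens from an authenticated session, so an unverified claim such as a matching email address can never attach a new identifier to an existing account.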
Check OpenId class from Zend Framework.
The question Is there a simple way to implement the login system that stackoverflow uses using php?
For a long time I have developed websites, and have used a typical web form username/password with a mysql db for login systems.
I would like to have it so users can log into the system using google, yahoo, facebook, etc, and without them having to remember some long openid url (they should just click google and be able to log in using their username/password there).
I would prefer not to use a service provider (such as RPX) to implement this.
If you want to implement it yourself, here is a great walkthrough. There's also the PHP OpenID Library, but that's probably a lot more than you need.
Here is the client-side OpenID selector that SO uses on its login screen.
Edit: Stack Overflow no longer uses the one that I linked to, but it still works, as far as I'm aware.
Check which pages clicking those buttons sends you to and then just redirect your users to those pages. They are all "openid" providers so you just need an open id library on your end to verify the response.
I use this one in PHP http://openidenabled.com/php-openid/. They have some good examples in that package to get you started.
If you're looking at using preexisting code, the Zend Framework provides OpenID support. While the library itself is fairly large, you should be able to use individual components in a relatively stand-alone way.
Is Stack Overflow using https://rpxnow.com/ for logging in using different services? If so, is it good, and does it have good (preferably free, preferably with a PHP API) alternatives?
What I'm looking for is a login page which would allow users to login using major web open-id providers + Facebook connect.
No, StackOverflow does not use RPXNow. And if you choose to use it be careful to avoid its pitfalls.
I suggest you just accept OpenID, which covers many, many Providers (who uses Facebook but doesn't use one of Google, Yahoo, and (soon) Microsoft?). Besides, I expect as an OpenID supporter, Facebook will eventually become an OpenID Provider too. So I suggest you save yourself the trouble and just support OpenID using one of the PHP OpenID libraries since that is your language.
I remember signing up for RPX and being able to easily find a PHP example on their site.
Also, I don't believe Stack Overflow uses that, but I could be wrong.
For completeness, www.clickpass.com is very similar to RPXNow. However, it also has its detractors. http://notsorelevant.com/2008-03-11/clickpass-i-dont-get-it/