What issues does CakePHP cause when using the JanRain openid library? - php

I'm implementing an OpenID consumer, and utilizing the JanRain classes (2.2.2) is failing out of the box. Specifically, I'm seeing the following symptoms:
The consumer isn't able to correctly identify the openid_mode parameter
The consumer has trouble finding the return_to variable
I'm fairly certain CakePHP is causing the issue, as the sample code in the JanRain consumer example works fine, but it fails as soon as it's placed within a CakePHP controller.
I have noticed that CakePHP's dispatcher sets a $_GET[url] parameter that confuses the JanRain validation, but I've been able to get around that one (by unsetting $_GET['url']). I'm hoping someone out there may have a short list of tips/techniques to get CakePHP to play friendlier with the JanRain code.

I'm sorry I don't quite understand your problem, but since I am successfully using the JanRain plugin for quite a while now, here is at least one tip I remember from when I set it up: Try lowering your CakePHP security setting from "high" to "medium" or even "low", at least for testing purposes.
If it doesn't help, and you think you know what part of your code is causing the issue, let me know, I'll provide you with my sources.

Try the OpenID component for CakePHP linked here which is regularly updated and works
Ensure you have lib CURL and openssl extensions enabled
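
An added example (not part of the original posts, and not JanRain or CakePHP code) of the workaround the question mentions: the response query is rebuilt from the raw query string, so `openid.*` keys keep their dots instead of becoming `openid_mode` and so on, and the rewrite-added `url` parameter is ignored when the `return_to` arguments are compared. The function names, the sample request and the strict comparison rule are assumptions made for illustration.

```php
<?php
// Added example: names, sample request and comparison rule are assumptions.

// Parse a raw query string without PHP's key mangling ("openid.mode" stays dotted).
function parse_raw_query(string $raw): array
{
    $out = [];
    foreach (explode('&', $raw) as $pair) {
        if ($pair === '') {
            continue;
        }
        [$k, $v] = array_pad(explode('=', $pair, 2), 2, '');
        $out[urldecode($k)] = urldecode($v);
    }
    return $out;
}

// Keys on which the arguments inside openid.return_to and the non-OpenID
// arguments actually received disagree (an empty array means they agree).
function return_to_mismatches(array $query, array $ignore = []): array
{
    $returnTo = $query['openid.return_to'] ?? '';
    $signed = parse_raw_query((string) parse_url($returnTo, PHP_URL_QUERY));
    $received = [];
    foreach ($query as $k => $v) {
        if (strpos($k, 'openid.') !== 0 && !in_array($k, $ignore, true)) {
            $received[$k] = $v;
        }
    }
    $bad = [];
    foreach ($signed + $received as $k => $_) {
        if (($signed[$k] ?? null) !== ($received[$k] ?? null)) {
            $bad[] = $k;
        }
    }
    return $bad;
}

// Constructed request, as seen after a rewrite rule appended url=<path>.
$raw = 'url=users/login&nonce=abc123&openid.mode=id_res'
     . '&openid.return_to=' . urlencode('http://example.test/users/login?nonce=abc123');

parse_str($raw, $mangled);            // same key mangling as $_GET
var_dump(array_keys($mangled));       // dotted keys arrive with underscores
$query = parse_raw_query($raw);
var_dump($query['openid.mode']);      // dotted key preserved
var_dump(return_to_mismatches($query));          // strict check with url present
var_dump(return_to_mismatches($query, ['url'])); // url ignored
```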

Related

Google Moments in google's own php library, are not working

I have struggled with google's php library, the latest version of which is available on their own website. While the simple google plus example they provide works fine (it's a basic login with GET features), there is no way to add a moment activity via app in php - at least not for me.
Their own example isn't working (the example can be retrieved in the library: examples/moments/simple.php)
Someone provides an answer here but the button demo they provide isn't working either if I press (authorization is fine, posting produces no action).
Does anyone have a suggestion on how to change their own php file so as to make it work? I tried removing all the code and resetting it to the basic action: at least I am not getting oauth or php errors, but the file produces no action.
I understand that posting moments in php is not currently supported, but I have a web app and android implementation wouldn't work for me I think.
At the moment you need to get the library from the trunk, you can find instructions here.
This gist documents how to request permission and write activities.
The old moments api has been deprecated and those samples are for the old API, I'll remove them from the codebase as soon as possible. Thanks for raising this question!

CodeIgniter Authentication System that allows 3rd party auth?

My question is rather simple. Is there a system for CodeIgniter that allows both local and 3rd party login? (Such as FB/Twitter/Google etc.)
I've tried A3M but it's hard to use and requires tinkering before it will even work out of the box, as is the case with outdated software.
My current solution is flexi auth, however it doesn't offer 3rd party login at all, and after an email to the developer it doesn't look like he's planning on integrating it anytime soon.
So does anyone know of a good system that is up-to-date and provides both 3rd party and local login?
If there isn't one, what other PHP framework does have such a package?
Edit for Clarity: I'm looking for a system that does both these things. While I appreciate the answers and comments with systems that I can integrate myself, the end result of that will be shaky at best. There's gotta be someone who's done this before, all integrated into one package so it's designed to work together.
I was also looking for something like this just a month ago, but unsuccessfully. The only framework that has it all integrated in a simple way that I have seen is meteor, but it is not a PHP framework.
I had to do it myself by wrapping different PHP libraries in CI libraries. The source code is on github: CI Twitter and Who You Meet (a live web app), that has Twitter, LinkedIn and Facebook authentication and also a lot of local authentication logic with email verification and password recovery.
I know it can be considered a shameless promotion, but I hope it is useful. Although it is not exactly what you are looking for, it seems to be rather stable, so feel free to re-use it.
Maybe you will have time to extract all this logic in a standalone library (like I did for twitter) for other folks to use :)
If you want a CI OAuth2 implementation you can use this library which is both client and server:
https://github.com/alexbilbie/CodeIgniter-OAuth-2.0-Server
Otherwise for OpenID use this library:
https://github.com/EllisLab/CodeIgniter/wiki/OpenID

Is there an easier way to implement openid?

I've been banging my head against the wall trying to add openid to my PHP webapp, but none of the libraries provided seem to do it in a clean and simple way.
Is there any way to implement openid SSO without being forced into more design choices than is necessary?
The janrain library - being the most popular - is also the most unwieldy, although it seems to be the only one getting significant maintenance. Aside from lacking a clear and simple tutorial, it also imposes some strange filesystem requirements and code dependencies.
Any and all suggestions are welcome. I realize I'm interacting with other servers and that redirects and callbacks are required. Please bear in mind, this isn't my main complaint, I understand the nature of what I'm working with.
I just wish it was easier and more clearly laid out!
If you're using PHP5, I suggest trying LightOpenID.
I use the Zend openid library (best of a bad bunch), but it doesn't support all the latest openid features - not found a perfect implementation yet tbh..
Tutorial describes how to implement Google login (Yahoo, etc.: only just change the URLs, source code is the same) in PHP using LightOpenID.

Simple authentication that uses zend_auth independent of the rest of the Zend framework

I'm working on the login system for a php web app. I'm aware of the dangers of rolling your own system, so I'm hoping to use a pre-built library of some kind.
I have seen zend_auth recommended in several places. I have also heard that zend_auth can be used independent of the rest of the Zend framework. This would be preferable, as my app does not rely on any frameworks, and I am reluctant to install an entire framework purely for auth.
I have no previous experience with Zend and I am finding the documentation in the manual a bit confusing. I am wondering: Does anyone know of any resources that would be helpful in explaining how to set up a simple authentication system based on zend_auth but that does not rely on the rest of the Zend framework?
Thanks for your help,
I'm aware of the dangers of rolling your own system
...
I am finding the documentation in the manual a bit confusing
Then it's not the right solution for exactly the reasons you've stated. If you don't understand how to use it properly it will never be secure and you can't provide any warranty that it is fit for purpose.
You might consider paying Zend for a support contact and asking for help.
There are other issues with using off-the-shelf code. If there is a defect in it, it's difficult to identify, difficult to resolve, then difficult to merge back the vendor's fixes. Also, while this is really an argument for security by obscurity (and therefore not a well grounded one) the code you write is not visible to any potential attacker until you publish it (if ever) whereas using an off-the-shelf product supplied as source, if there is a vulnerability then any script kiddy can run an attack against your site.
C.
The most important thing for secure authentication/authorization is the concept where the whole application has only a single entry point, like an index.php everything is rewritten to. Otherwise you have to care for each file being called to properly include and check the authorization etc.
zend_auth itself won't really give you any extra security. It's more like an interface which can be connected to anything. So what it does is mostly that your application(s) always use the same code for authentication/authorization but can rely on different data.

How do I edit contacts from the front end in Joomla 1.5x?

I'd have thought this would be a native feature (seeing as joomla allows you to connect contacts with user accounts) but we can't find any way to do this!
Does anyone know of any extensions/modules that would allow this?
I'm not so hot on PHP so I'd really love to not have to code this by hand!
This is an old thread, but since it is still opened maybe you haven't found a solution yet. I faced the same problem myself and I think having the ability to manage contacts from the frontend is an essential feature for Joomla! to become more usable as a simple webapp creation tool.
Anyway, there are a couple of extensions that might help you out. However, both are commercial and don't support Joomla! 1.6. Here they are:
Front-edit address book: simple interface. Note, however, that there might be a security issue with it. Google "front-edit address book exploits" and you shall find it (sorry, stackoverflow lets me post a max of 2 links per thread since I'm a new user). I emailed the developer and he assured me that the problem was already fixed, though.
Grumpy contacts: on the demo site (there's a link at the page I pointed you to), it looked a little messy to my taste. In the Joomla! Extensions Directory, however, it has good reviews.
I never used any of those since all my projects are already migrated to Joomla! 1.6.
If you found another alternative in the meantime or even developed something yourself, please let me know.
Did you try in the user menu?
Another option would be to install Community Builder.
Good luck!
Contacts in Joomla are handled by the built-in com_contacts component which provides basic functionality for adding contacts and some basic info from the back-end.
QContacts is a wonderful extension which gives you some more control over the data you can provide, but still no front-end support.
Unfortunately I am tackling this issue as well and it turns out there are no real out-of-the-box options for supporting front-end editing of contact details.
