I've been banging my head against the wall trying to add openid to my PHP webapp, but none of the libraries provided seem to do it in a clean and simple way.
Is there any way to implement openid SSO without being forced into more design choices than is necessary?
The janrain library - being the most popular - is also the most unwieldy, although it seems to be the only one getting significant maintenance. Aside from lacking a clear and simple tutorial, it also imposes some strange filesystem requirements and code dependencies.
Any and all suggestions are welcome. I realize I'm interacting with other servers and that redirects and callbacks are required. Please bear in mind, this isn't my main complaint, I understand the nature of what I'm working with.
I just wish it was easier and more clearly laid out!
If you're using PHP5, I suggest trying LightOpenID.
I use the Zend openid library (best of a bad bunch), but it doesn't support all the latest openid features - not found a perfect implementation yet tbh..
Tutorial describes how to implement Google login( yahoo,etc only just change the URLs, source code is same) in PHP using LightOpenID.
Related
My question is rather simple. Is there a system for CodeIgniter that allows both local and 3rd party login? (Such as FB/Twitter/Google etc.)
I've tried A3M but it's hard to use and requires tinkering before it will even work out of the box, as is the case with outdated software.
My current solution is flexi auth, however it doesn't offer 3rd party login at all, and after an email to the developer it doesn't look like he's planning on integrating it anytime soon.
So does anyone know of a good system that is up-to-date and provides both 3rd party and local login?
If there isn't one, what other PHP framework does have such a package?
Edit for Clarity: I'm looking for a system that does both these things. While I appreciate the answers and comments with systems that I can integrate myself, the end result of that will be shaky at best. There's gotta be someone who's done this before, all integrated into one package so it's designed to work together.
I was also looking for something like this just a month ago, but unsuccessfully. The only framework that has it all integrated in a simple way that I have seen is meteor, but it is not a PHP framework.
I had to do it myself by wrapping different PHP libraries in CI libraries. The source code is on github: CI Twitter and Who You Meet (a live web app), that has Twitter, LinkedIn and Facebook authentication and also a lot of local authentication logic with email verification and password recovery.
I know it can be considered a shameless promotion, but I hope it is useful. Although it is not exactly what you are looking for, it seems to be rather stable, so feel free to re-use it.
Maybe you will have time to extract all this logic in a standalone library (like I did for twitter) for other folks to use :)
If you want a CI OAuth2 implementation you can use this library which is both client and server:
https://github.com/alexbilbie/CodeIgniter-OAuth-2.0-Server
Otherwise for OpenID use this library:
https://github.com/EllisLab/CodeIgniter/wiki/OpenID
I have tried googling a lot but couldn't find a library which can provide me single-sign on feature for my website.
I am looking for similar script like stackoverflow is using for facebook, twitter, google, openid etc...
I have tried hybridauth, http://hybridauth.sourceforge.net/ but it's not working for me.
Could you guys please suggest me other alternatives?
I've seen several website using this library : http://www.janrain.com/products/engage
(formerly https://rpxnow.com/)
I have not personally tried..
Why not OpenID itself? I heard good thing about it, and the same, as you specified, SO use it. There's an OpenID website that keep track of all libraries found from official OpenID team of third-part solution that you can find here: http://openid.net/developers/libraries/.
Choose what suits best your needs.
Notice that they warn you:
We have setup a code repository for gathering libraries and other supporting examples. While several of these libraries have been tested, they are maintained by members of the OpenID community and are not necessarily known to work.
I know this question has been asked before, but I haven't found any answers that seem ideal.
I have a php app that needs a login system. I'm no crypto expert by any means, and I am wary of reinventing the wheel, which has doubtless been invented many times already, and very well.
I'm wondering if anyone is aware of a good authentication component which can easily be integrated into an existing script, which adheres to all best practices and which, when combined with an ssl login, will satisfy all reasonable requirements for being secure.
I would prefer a stand-alone component, as opposed to having to setup an entire framework of some sort. (The rest of the app does not use a framework, and I dislike the idea of having to use one, just for auth.)
Thanks for your help,
Why not use LDAP ?, it's standard, secured and fairly easy.
https://web.archive.org/web/1/http://articles.techrepublic%2ecom%2ecom/5100-10878_11-5032010.html
Zend Framework is designed so you can use individual components without using the MVC part of the framework. You can use the authentication module (zend_auth) which has only one hard dependency (zend_exception). You might want to use zend_acl, zend_session (requires zend_loader) and/or zend_db (requires zend_config, zend_registry, zend_loader) too depending on your scenario.
Check out this article. The system works great and it's amazingly well thought out.
http://www.devarticles.com/c/a/JavaScript/Building-a-CHAP-Login-System-An-ObjectOriented-Approach/
I'm working on the login system for a php web app. I'm aware of the dangers of rolling your own system, so I'm hoping to use a pre-built library of some kind.
I have seen zend_auth recommended in several places. I have also heard that zend_auth can be used independent of the rest of the Zend framework. This would be preferable, as my app does not rely on any frameworks, and I am reluctant to install an entire framework purely for auth.
I have no previous experience with Zend and I am finding the documentation in the manual a bit confusing. I am wondering: Does anyone know of any resources that would be helpful in explaining how to set up a simple authentication system based on zend_auth but that does not rely on the rest of the Zend framework?
Thanks for your help,
I'm aware of the dangers of rolling your own system
...
I am finding the documentation in the manual a bit confusing
Then it's not the right solution for exactly the reasons you've stated. If you don't understand how to use it properly it will never be secure and you can't provide any warranty that it is fit for purpose.
You might consider paying Zend for a support contact and asking for help.
There are other issues with using off the shelf code. If there is a defect in it, its difficult to identify, difficult to resolve, then difficult to merge back the vendors fixes. Also, while really this is really an argument for security by obscurity (and therefore not a well grounded one) the code you write is not visible to any potential attacker until you publish it (if ever) whereas using an off-the shelf product supplied as source, if there is a vulnerability then any script kiddy can run an attack against your site.
C.
the most important thing for a secure authentication/autorization is the concept where the whole application has only a sinlge entry point like an index.php everything is rewrited to. otherwise you have to care for each file beeing called to properly include and check the authorization etc.
zend_auth itsself won't really give you an extra security. it's more like an interface wich can be connected to anything. so what it does is mostly that your application(s) always use the same code for authentication/authorization but can rely on different data.
I'm about to start a new PHP project and I'm going to need to make use of 3rd party forum software.
What's the best way to tackle integration of the forum into my code? Things like user authentication, having the user only have to login once, etc.
I'll be using the CodeIgniter framework if that is of any help. I found the article on integrating Vanilla with CL Auth & CodeIgniter but it wasn't to my liking at all.
Does anyone have any specific recommendations on PHP forum software? I'm open to any suggestions or pointers/help.
In my experience Simple Machines Forums is relatively easy to integrate into existing code.
What comes to authentication, it may be easiest for you to use the forum's authentication in your application, rather than attempting to use your application's authentication in the forum. It doesn't matter which forum you choose to use - this is usually the esiest way, since forums tend to have complex code related to auth and access, which can be tricky to modify to use some other system.
I'm not real familiar with any particular forum software, but my advice when using and integrating 3rd party software is to try and abstract out the specifics as much as possible from your main code base.
Wrap your forum library calls for things such as authentication, etc so that if you need to later change your forum software, you can limit the scope of the changes.