I am using sfOpenID plugin for Symfony, which doesn't support OpenID 2.0. That means, for example, that people using Yahoo! OpenID can't login to my site.
There is an OpenID 2.0 plugin that works with sfGuard, but I am not using nor planning to use sfGuard. Plus, it requires to install Zend framework, too, which is an overkill in my scenario.
So I've got two questions, really:
is there another OpenID plugin for Symfony supporting OpenID 2.0?
what would be the hack required to make sfOpenID support OpenID 2.0?
I suppose I could study OpenID specs and hack it myself, but then, I am a lazy programmer :)
I think you've covered all your options with sfOpenID and taOpenIDsfGuardPlugin for Symfony's plugins.
Without studying OpenID's specs in detail though, you could try one of those PHP libraries (http://wiki.openid.net/Libraries) by dropping it in your lib and connecting to a sfUser, or whatever you're using for authentication. There is also the OpenID Enabled library (http://openidenabled.com/php-openid/) which still uses PHP4 although compatible with PHP5 if you tweak the error reporting level to exclude some warnings.
There are a few tutorials out there that explains how to enable OpenID on your site with PHP: http://www.saeven.net/openid.htm or http://www.plaxo.com/api/openid_recipe.
And better yet, use this knowledge to make a sfPlugin out of it afterwards.
There is an easier way. JanRain offers OpenID (and facebook) as a service http://rpxnow.com . Vastly easier/quicker than going native with the libraries.
i had ( and i'm still having ) the same problem. Firstly there isn't any php5 openid library that is feature complete. The only one was abandoned for the one shipped with Zend Framework.
So you either write your own ( don't recomend , lot of work ), or use the one from Zend ( that is what i Use).
The problem is that it is heavily embeded into Zend and requires lots of ZF stuff.
Maybe i will publish a plugin similar to taOpenIDsfGuardPlugin but for use withouth sfGuard, because it's often asked for ( and i will need it for my future projects ;))
Related
Whenever I Google things like "php authentication library" I continue to come up with a ton of results of authentication libraries designed for Code Igniter.
What I am looking for is things like the following,
A robust library that handles login, logout, registration, login retrieval etc...
Very secure authentication possibly using sha-256+?
Library that can be integrated into any code, framework or not
Active project and community so that I can rely on it in the future.
Compatible with MySQL
Maybe some things I do not know about?
I am hoping my answer fits your needs , its in two parts :
1- Zend Acl + Zend + Auth :
very robust code and 100% unit tested
it could support any encryption method or create your own method
it can support any backend you like [mysql , msssql , or even a session based auth]
custom acl to fits your application needs
you may choose php5.2 version = ZF 1.11 or the php5.3 = ZF2 beta released the last week
in ZF2 beta you could use the pyrus to package the required classes only , not the whole library http://zend-framework-community.634137.n4.nabble.com/Packaging-and-distribution-of-ZF2-td3597632.html
its very active project
2-symfony2 security component :
in sf2 you combine the [ACL , AUTH] in very powerful library called security
symfony2 has the support of bundles , and the FOS UserBundle its the ideal match for my usage
you can use it in your own project as its
Symfony's security component is available as a standalone PHP library for use inside any PHP project. http://symfony.com/doc/2.0/book/security.html
it support many backend solutions , they called providers you my see even create your own custom provider
you can even create many protected areas , in case you need it via firewalls , its basically as DMZs
support any encryption method you might need , or create your own
its very active project too
probably you can try this link: php user authentication libraries / frameworks ... what are the options?
zend_auth & codeigniter
it seems that the zend framework has good tools but it is overkill to do authentication only
ulogin, http://ulogin.sourceforge.net/
using social media login might also be another way
I've been banging my head against the wall trying to add openid to my PHP webapp, but none of the libraries provided seem to do it in a clean and simple way.
Is there any way to implement openid SSO without being forced into more design choices than is necessary?
The janrain library - being the most popular - is also the most unwieldy, although it seems to be the only one getting significant maintenance. Aside from lacking a clear and simple tutorial, it also imposes some strange filesystem requirements and code dependencies.
Any and all suggestions are welcome. I realize I'm interacting with other servers and that redirects and callbacks are required. Please bear in mind, this isn't my main complaint, I understand the nature of what I'm working with.
I just wish it was easier and more clearly laid out!
If you're using PHP5, I suggest trying LightOpenID.
I use the Zend openid library (best of a bad bunch), but it doesn't support all the latest openid features - not found a perfect implementation yet tbh..
Tutorial describes how to implement Google login( yahoo,etc only just change the URLs, source code is same) in PHP using LightOpenID.
I need a php lib that can auth using OpenID against sites offering this service, like Google, Yahoo, Wordpress, etc...
Anyone used any lib that actuallly works? I've tryied a few but couldn't get any to auth against Google, Yahoo, or Wordpress.
I would highly recommend LightOpenID by Mewp. It comes with a great example and has no unusual dependencies (the only requirement you need to be aware of is that of the CURL PHP extension). It's entirely self-contained, it's only one file, and the code is very readable. There are more tasty details.
Zend.OpenID
With Zend Framework, you can simply use the Zend_OpenID component without having to use the MVC functionality or any configuration files that are not concerned with OpenID
phpOIDC implements both consumer and provider for OpenID connect.
OpenID connect is a new spec that was released in 2014 and is worth looking at.
I'm new to php. I've been looking at php login tutorials but they all seem relatively insecure. I would prefer to use a php authentication api or framework. Does anyone know what I can use to implement robust login functionality into my site?
This is a good intro article:
http://net.tutsplus.com/tutorials/php/user-membership-with-php/
There's also a couple of libraries out there for OpenID that were brought up on SO recently:
How do I implement Direct Identity based OpenID authentication with Zend OpenID
PHP library for openID
The Zend framework is good if you want to have a lot of pre-buildt libraries, but be free to mix and match with your own or third-party. The Zend framework includes Zend_Auth, which is complete and ready for use.
About to start working on a social networking site, but I'd like to incorporate OpenID logins.
The JanRain plugin is packed in Debian, but seems flakey, and my brief interactions with it so far have not gone well. There's a bunch of others out there, but which ones are people using in production?
The OpenID Wiki has a great list of libraries available for PHP. Always begin your searches in the official documentation.
I have personally used and recommend EasyOpenId (requires PHP OpenID).
See PHP library for openID for a list of other PHP OpenID libraries.
I personally use the PEAR OpenID library.
I've used the Zend_OpenID library from the Zend Framework and had good success with that. Very easy to setup and very easy to use. Their documentation on it is pretty extensive as well and comes with some good code samples that should show you everything you need to know. I used this briefly on one of my sites I was working on and only removed it because users didn't like OpenID in general. But the implementation was quick and easy.
Zend Framework OpenID Documentation