
@erikeldridge
Created May 15, 2010 00:48
PHP code for OpenID authentication w/ debug output
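<?php // simple code to require OpenID authentication on a page (debug/demo version)
/*
Requirements:
* PHP 5
* OpenID Enabled PHP library (http://openidenabled.com/php-openid/)
Usage:
1) Put this code in a file on your server
2) Load the page in a browser
3) Follow the generated auth link and log into Yahoo!
   (the automatic redirect further down is commented out so the URL can be inspected)
Security notes:
* This page prints raw protocol data for debugging; do not leave it reachable on a
  production host.
* The verification result is only displayed. This script does not by itself block
  access to anything; a real page must stop unless verification succeeded.
*/

//suppress warnings caused by php openid lib as we need to redirect
//NOTE(review): this also hides warnings raised by this script itself; in a deployment
//prefer logging them (display_errors off, log_errors on) over discarding them.
error_reporting(E_ERROR | E_PARSE);

//php openid lib requires session
session_start();

//amend include path so we can include files consistently
$includePath = get_include_path().PATH_SEPARATOR.'php-openid-2.1.3';
set_include_path($includePath);

//include openid files
//get openid lib from http://openidenabled.com/php-openid/
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/AX.php";

//init basic openid auth url generation
//NOTE(review): the file store holds the consumer's association and nonce data. '/tmp/'
//is usually shared by every local account, so on a multi-user host point this at a
//directory that only the web-server user can read and write.
$openidFileStore = new Auth_OpenID_FileStore('/tmp/');
//plain assignment: "=& new" was deprecated in PHP 5.3 and is a parse error from PHP 7
$openidConsumer = new Auth_OpenID_Consumer($openidFileStore);

//safely fetch input
//PHP rewrites the dots in request parameter names to underscores, so the protocol
//fields openid.identity / openid.mode arrive as openid_identity / openid_mode.
//The original filter name (FILTER_SANITIZESTRING) is not a constant PHP defines, so no
//sanitising filter was actually selected. These two values are used only for control
//flow; anything echoed into the page still has to be HTML-escaped at the point of output.
$filters = array(
    'openid_identity' => FILTER_SANITIZE_SPECIAL_CHARS,
    'openid_mode' => FILTER_SANITIZE_SPECIAL_CHARS,
);
$input = filter_var_array( $_REQUEST, $filters );

//settings
//NOTE(review): the realm is also the prefix of return_to, i.e. the URL the signed
//assertion is delivered to. Replace the placeholder with your own https:// origin so
//the assertion is not carried over cleartext HTTP.
$realm = 'http://example.com';
$openidProvider = 'http://yahoo.com/';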
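//send the cache header first: once any debug output has been written, header() can no
//longer take effect
header('Cache-Control: no-cache, must-revalidate');

//defaults, so that code printing these values never reads an undefined variable
$assertion = null;
$url = null;
$resp = null;
$parsed = array();
$openidLoginRedirectUrl = null;

//if we're in return_to, and there is an openid assertion param in the url, verify response
if ( isset( $input['openid_mode'] ) && 'id_res' === $input['openid_mode'] ) {

    // verify w/ an association http://openid.net/specs/openid-authentication-2_0.html#verifying_signatures
    $assertion = $realm.$_SERVER['REQUEST_URI'];
    $verification = $openidConsumer->complete( $assertion );
    if ( 'success' !== $verification->status ) {
        //debug only: the response object echoes request data, so escape it before printing.
        //A response that is not 'success' must never be treated as an authenticated user;
        //this demo merely displays it and carries on.
        echo '<pre>', htmlspecialchars( print_r( $verification, true ), ENT_QUOTES, 'UTF-8' ), '</pre>';
    }

    // verify directly http://openid.net/specs/openid-authentication-2_0.html#check_auth
    //The check_authentication request has to repeat the response fields exactly, with only
    //openid.mode changed. parse_str() rewrites every dot in a field name to an underscore,
    //and a string replace over the rebuilt query cannot restore all of them (and also
    //rewrites matching text inside values), so the raw name=value pairs are forwarded.
    $rawQuery = isset( $_SERVER['QUERY_STRING'] ) ? $_SERVER['QUERY_STRING'] : '';
    $fields = array();
    foreach ( explode( '&', $rawQuery ) as $pair ) {
        if ( '' === $pair ) {
            continue;
        }
        $nameAndValue = explode( '=', $pair, 2 );
        if ( 'openid.mode' === urldecode( $nameAndValue[0] ) ) {
            continue; //replaced below
        }
        $fields[] = $pair;
    }
    $fields[] = 'openid.mode=check_authentication';
    $url = 'https://open.login.yahooapis.com/openid/op/auth?'.implode( '&', $fields );

    $ch = curl_init( $url );
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
    //state certificate and host name checking explicitly: the answer is only worth
    //something if it really comes from the provider
    curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true );
    curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );
    //bound the request so a slow provider cannot hang the page
    curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
    curl_setopt( $ch, CURLOPT_TIMEOUT, 10 );
    $resp = curl_exec( $ch );
    if ( false === $resp ) {
        $resp = 'direct verification request failed: '.curl_error( $ch );
    }
    curl_close( $ch );
    //NOTE(review): $resp is only shown to the user. A relying party that depends on direct
    //verification must require an "is_valid:true" line in this body before accepting the
    //assertion.

    // format assertion for display
    //the parsed values are URL-decoded request data: HTML-escape them wherever they are printed
    $parsed = parse_url( $assertion );
    if ( ! is_array( $parsed ) ) {
        $parsed = array();
    }
    if ( isset( $parsed['query'] ) ) {
        parse_str( $parsed['query'], $queryFields );
        $parsed['query'] = $queryFields;
    }

//if not, generate log in url
} else {

    $openidAuthRequest = $openidConsumer->begin( $openidProvider );
    if ( ! $openidAuthRequest ) {
        //no request object came back for the provider; stop with a clear message rather
        //than failing on the method call below
        exit( 'OpenID discovery failed for the configured provider.' );
    }
    $openidLoginRedirectUrl = $openidAuthRequest->redirectURL(
        $realm,
        $realm.$_SERVER['REQUEST_URI']
    );
    if ( ! is_string( $openidLoginRedirectUrl ) ) {
        exit( 'Could not build the OpenID authentication URL.' );
    }
    $parsed = parse_url( $openidLoginRedirectUrl );
    if ( ! is_array( $parsed ) ) {
        $parsed = array();
    }
    if ( isset( $parsed['query'] ) ) {
        parse_str( $parsed['query'], $queryFields );
        $parsed['query'] = $queryFields;
    }
    // header( 'Location: '.$openidLoginRedirectUrl );
}
?>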
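<?php
// Debug view. Every value printed here comes from the request URL or from a remote
// response, so each one is HTML-escaped before it is written into the page.
// Full "<?php" tags are used so the template does not depend on short_open_tag; with
// that setting off, "<? ... ?>" blocks are sent to the browser as plain text.
if ( ! empty( $input['openid_identity'] ) ):
    $assertionHtml = htmlspecialchars( isset( $assertion ) ? (string) $assertion : '', ENT_QUOTES, 'UTF-8' );
    $urlHtml = htmlspecialchars( isset( $url ) ? (string) $url : '', ENT_QUOTES, 'UTF-8' );
    $parsedHtml = htmlspecialchars( print_r( isset( $parsed ) ? $parsed : array(), true ), ENT_QUOTES, 'UTF-8' );
    $respHtml = htmlspecialchars( print_r( isset( $resp ) ? $resp : '', true ), ENT_QUOTES, 'UTF-8' );
?>
<p>Here's the openid assertion:</p>
<p>Raw:<br/>
<a href="<?php echo $assertionHtml ?>"><?php echo $assertionHtml ?></a>
</p>
<p>Parsed:</p>
<pre><?php echo $parsedHtml ?></pre>
<p>Here's the url for direct verification:</p>
<p>Raw:<br/>
<a href="<?php echo $urlHtml ?>"><?php echo $urlHtml ?></a>
</p>
<p>Here's the direct verification response:</p>
<pre><?php echo $respHtml ?></pre>
<?php
elseif ( ! empty( $openidLoginRedirectUrl ) ):
    $loginUrlHtml = htmlspecialchars( (string) $openidLoginRedirectUrl, ENT_QUOTES, 'UTF-8' );
    $parsedHtml = htmlspecialchars( print_r( isset( $parsed ) ? $parsed : array(), true ), ENT_QUOTES, 'UTF-8' );
?>
<p>Here's the openid auth url:</p>
<p>Raw:<br/>
<a href="<?php echo $loginUrlHtml ?>"><?php echo $loginUrlHtml ?></a>
</p>
<p>Parsed:</p>
<pre><?php echo $parsedHtml ?></pre>
<?php endif ?>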