A BrowserID Demo-WordPress-Plugin

BrowserIDDemo.php

<?php
/*
Plugin Name: BrowserID Demo
Plugin URI: http://notizblog.org/2012/01/07/browserid-as-easy-as-copy-and-paste/
Description: a quick and dirty BrowserID-plugin
Version: demo
Author: Matthias Pfefferle
Author URI: http://notizblog.org/
*/

###################################################################################################
#                                                                                                 #
#  this is only a demo plugin, if you search for a fully functional                               #
#  BrowserID WordPress plugin, try this one: http://wordpress.org/extend/plugins/browserid/       #
#                                                                                                 #
###################################################################################################

// add the BrowserID javascript-code to the header
add_action('login_head', 'bi_add_js_header');
function bi_add_js_header() {
  echo '<script src="https://browserid.org/include.js" type="text/javascript"></script>';
  echo '<script type="text/javascript">'."\n";
  echo 'function browser_id_login() {
    navigator.id.get(function(assertion) {
      if (assertion) {
        window.location="' . get_site_url(null, '/') .'?browser_id_assertion=" + assertion;
      } else {
        // do nothing!
      }
    })
  };'."\n";
  echo '</script>';
}

// add the login button
add_action('login_form', 'bi_add_button');
function bi_add_button() {
  echo '<p><a href="#" onclick="return browser_id_login();"><img src="https://browserid.org/i/sign_in_blue.png" style="border: 0;" /></a></p>';
}

// add 'browser_id_assertion' as wordpress query var
add_filter('query_vars', 'bi_query_vars');
function bi_query_vars($vars) {
  $vars[] = 'browser_id_assertion';
  return $vars;
}

// the verification code
add_action('parse_request', 'bi_verify_id');
function bi_verify_id() {
  global $wp_query, $wp, $user;

  if( array_key_exists('browser_id_assertion', $wp->query_vars) ) {
    // some settings for the post request
    $args = array(
      'method' => 'POST',
      'timeout' => 30,
      'redirection' => 0,
      'httpversion' => '1.0',
      'blocking' => true,
      'headers' => array(),
      'body' => array(
        'assertion' => $wp->query_vars['browser_id_assertion'], // the assertion number we get from the js
        'audience' => "http://".$_SERVER['HTTP_HOST'] // the server host
      ),
      'cookies' => array(),
      'sslverify' => 0
    );

    // check the response
    $response = wp_remote_post("https://browserid.org/verify", $args);

    if (!is_wp_error($response)) {
      $bi_response = json_decode($response['body'], true);

      // if everything is ok, check if there is a user with this email address
      if ($bi_response['status'] == 'okay') {
        $userdata = get_user_by('email', $bi_response['email']);
        if ($userdata) {
          $user = new WP_User($userdata->ID);
          wp_set_current_user($userdata->ID, $userdata->user_login);
          wp_set_auth_cookie($userdata->ID, $rememberme);
          do_action('wp_login', $userdata->user_login);

          wp_redirect(home_url());
          exit;
        } else {
          // show error when there is no matching user
          echo "no user with email address '" . $bi_response['email'] . "'"; 
          exit;
        }
      }
    }
    
    // show error if something didn't work well
    echo "error logging in"; 
    exit;
  }
}

true, that's a good idea: http://de.gravatar.com/site/implement/profiles/json/

The development version does now fetch the display name from Gravatar (if there is no WordPress user).
Thanks for the link. Didn't know there was also a JSON service.

nice and your welcome :)