3

Is there a way to authenticate with the LightOpenID library using the POST method? To be exact, after authenticating, Google (for example) returns to the specified URL, but all data is sent to me using the GET method, which ends up in an ugly and long URL.

My code is:

define('BASE_URL', 'http://someurl.com');

try {
    $openid = new LightOpenID();

    if (!isset($_GET['openid_mode'])) {
        // no openid mode was set, authenticate user
        $openid->identity = 'https://www.google.com/accounts/o8/id';
        $openid->realm = BASE_URL;
        $openid->required = array('contact/email');

        header('Location: '.$openid->authUrl());

    } else if ($_GET['openid_mode'] == 'cancel') {
        // user canceled login, redirect them
        header('Location: '.BASE_URL);

    } else {
        // authentication completed, perform license check
        if ($openid->validate()) {
            $openid->getAttributes();
        }
    }

} catch (ErrorException $e) {

}

So after authentication the OP returns to a URL that looks something like this:

http://someurl.com/index.php?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://www.googl...

And I want the OP to return to:

http://someurl.com/index.php

and send all the data using POST not GET.

MeanEYE
  • If your main concern is the URL looking nice, just have your endpoint redirect to something sane after grabbing all the data. While LOID supports POSTs, I doubt every OID provider is quite as flexible. – tadamson Feb 09 '11 at 16:13
  • Well I think Google should be the one to support it. How do you specify in LOID to use POST? – MeanEYE Feb 10 '11 at 10:03

2 Answers

1

I've been working on the same. See the code below. I think this should help.

<?php
require 'lightopenid/openid.php';
try {
    $openid = new LightOpenID;
    if (!$openid->mode) {
        if (isset($_GET['login'])) {
            // Google Apps discovery URL; replace yourdomain.com with your own domain
            $openid->identity = 'https://www.google.com/accounts/o8/site-xrds?hd=yourdomain.com';
            $openid->required = array('namePerson/friendly', 'contact/email', 'contact/country/home', 'namePerson/first', 'pref/language', 'namePerson/last');
            header('Location: ' . $openid->authUrl());
            exit; // stop here so the login form is not sent along with the redirect
        }
?>
<form action="?login" method="post">
    <button>Login with Google</button>
</form>
<?php
    } elseif ($openid->mode == 'cancel') {
        echo 'User has canceled authentication !';
    } elseif ($openid->validate()) {
        // Only trust the returned values once validate() has succeeded;
        // without this check anyone could forge the openid.* parameters.
        session_start();
        // ret_fname()/ret_lname()/ret_email() are assumed to be custom helpers
        // added to openid.php (they are not shown in this answer).
        $fname = $openid->ret_fname();                        // first name
        $lname = $openid->ret_lname();                        // last name
        $email = $openid->ret_email();                        // e-mail address
        $_SESSION['admin']['name'] = $fname.' '.$lname;       // setting session
        $_SESSION['admin']['emailID'] = $email;               // setting session

        header('Location:approve.php');  // PUT YOUR PAGE/URL HERE.... I THINK THIS SHOULD DO THE TRICK !!!
        exit;
    } else {
        echo 'OpenID validation failed.';
    }
} catch(ErrorException $e) {
    echo $e->getMessage();
}
  • So does this return all the data using POST method instead of GET once user is logged in? – MeanEYE Feb 28 '11 at 13:53
  • `$fname = $openid->ret_fname(); $lname = $openid->ret_lname(); $email = $openid->ret_email();` You will get all values of fname, lname, email in these PHP variables. Now you can use them as you like. I prefer setting them in your session. – Floccinaucinihilipilification. Mar 02 '11 at 11:42
0

It's possible that it is not possible, according to the top answer to this question: Response.Redirect with POST instead of Get?

The authentication response from Google back to your page handler might be a "request" rather than a "redirect" though, so I'm still not sure.

Redirecting yourself after a response using a POST as above seems a good workaround.

Another solution might be to bury the whole process using AJAX.

Ed Randall
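The redirect-after-validation workaround suggested in the comments and in this answer, written out as an added example (not code from any poster on this page and not part of LightOpenID itself). The session key names and the use of `index.php` as the clean landing page are assumptions; the identity URL, realm and `contact/email` attribute are taken from the question.

```php
<?php
require 'lightopenid/openid.php';            // path as used in the first answer

define('BASE_URL', 'http://someurl.com');    // value from the question
define('LANDING', BASE_URL . '/index.php');  // assumed clean landing page

session_start();

try {
    // Newer LightOpenID releases expect the host as constructor argument.
    $openid = new LightOpenID(parse_url(BASE_URL, PHP_URL_HOST));

    if (!$openid->mode) {
        if (isset($_SESSION['openid_identity'])) {
            // Clean URL: the assertion has already been consumed.
            echo 'Logged in as ' . htmlspecialchars((string) $_SESSION['openid_email']);
            exit;
        }
        $openid->identity = 'https://www.google.com/accounts/o8/id';
        $openid->realm    = BASE_URL;
        $openid->required = array('contact/email');
        header('Location: ' . $openid->authUrl());
        exit;
    }

    if ($openid->mode === 'cancel') {
        header('Location: ' . BASE_URL);
        exit;
    }

    // Attributes are only trustworthy after validate() succeeds; the
    // openid.* query parameters alone can be written by anyone.
    if (!$openid->validate()) {
        http_response_code(403);
        exit('OpenID validation failed');
    }

    $attrs = $openid->getAttributes();
    session_regenerate_id(true);             // fresh session ID after login
    $_SESSION['openid_identity'] = $openid->identity;
    $_SESSION['openid_email'] = isset($attrs['contact/email']) ? $attrs['contact/email'] : '';

    // 303 makes the browser issue a plain GET for the clean URL, so the
    // long openid.* query string no longer sits in the address bar.
    header('Location: ' . LANDING, true, 303);
    exit;
} catch (ErrorException $e) {
    error_log('OpenID error: ' . $e->getMessage());
    http_response_code(500);
    exit('Login failed');
}
```

The provider still delivers the assertion by GET, so it appears once in the web server's access log; the redirect only removes it from the URL the user sees and bookmarks.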