Zend Framework and Google OpenID Login

September 20, 2009

I wanted to use google’s federated login in my application and unfortunately found out that Zend Framework doesn’t support XRDS discovery. Fortunately (and as a testament to the size of the Zend Framework community) I wasn’t the first to hit this block and a patch was posted in the issue tracker. Not wanting to taint the library I added to my own library by extending the original and put in the patch to get this bad boy working. I also took it one step further and implemented part of the attribute exchange extension (the part that relates to specifically to the google spec. ). I’d like to get this fully done with unit tests, decoupled from google’s implementation and contributed back officially but until such time my updates can be downloaded here. Usage is the similar to that found in the original documentation except you’ll be instantiating Ak33m_OpenId_Consumer instead of Zend_OpenId_Consumer and using Ak33m_OpenId_Extension_Ax instead of Zend_OpenId_Extension_Sreg.

19 Responses

  1. Wow, thanks for this – i’ll give it a test now.

  2. … It took me all of 5 minutes to get this working – this is a great extension, thanks and keep up the good work!

    Jon.

  3. Devon Weller

    October 27th, 2009

    If you would like to use Zend_Auth_Adapter_OpenId with this solution, then use this:

    http://pastie.org/672818

    Paste this file as Ak33m/Auth/Adapter/OpenId.php, and use Ak33m_Auth_Adapter_OpenId instead of Zend_Auth_Adapter_OpenId.

  4. Devon Weller

    November 21st, 2009

    As of a couple days ago, Google changed their OpenID implementation so that it no longer works with this class. I discovered the fix involves adding 4 lines of code. My updated version of Consumer.php can be found here:

    http://pastie.org/709058

    Akeem – I hope you can update your class for others to use. It has been very helpful for me.

  5. Using this class I’ve started to receive intermittent “Authentication failedSignature check failed” when authenticating with Yahoo! OpenID. Can’t seem to figure out why…

    I can’t wait until Zend get around to officially supporting the latest standard of OpenID.

  6. This really hasn’t been fixed yet even in Zend 1.10. I’m a little disappointed that someone nominated a simple OpenID AX library for inclusion in 1.8.4 and afaik no one has made a move on it yet.

    Thanks for the AX implementation. Just a little note about Google OpenID support, though. If you want to use google apps instead of a google account there is a slightly different endpoint. To get around this I recommend change these lines:

    if ($server == ‘https://www.google.com/accounts/o8/ud’)

    to:

    if ( stripos($server,’google.com’) !== false )

    then it will work for both.

  7. Thank you for this great extension! it really works with no problem. thank you Devon Wellen for the patch.

  8. I am not able to get User Profile info using Ak33m_OpenId_Extension_Ax. Could you please guide me.

  9. //openid_identifier is https://www.google.com/accounts/o8/id

    $sreg = new Ak33m_OpenId_Extension_Ax(array(
    ‘nickname’=>false,
    ‘email’=>true,
    ‘fullname’=>false), null, 1.1);

    $status = “”;
    if (isset($_POST['openid_action']) &&
    $_POST['openid_action'] == “login” &&
    !empty($_POST['openid_identifier'])) {
    $consumer = new Ak33m_OpenId_Consumer();
    if (!$consumer->login($_POST['openid_identifier'], ‘google_federated_login.php’, null, $sreg)) {
    $status = “OpenID login failed.”;
    }
    } else if (isset($_GET['openid_mode'])) {
    if ($_GET['openid_mode'] == “id_res”) {
    $consumer = new Ak33m_OpenId_Consumer();
    if ($consumer->verify($_GET, $id, $sreg)) {
    $status = “VALID ” . htmlspecialchars($id);
    $data = $sreg->getProperties();

    if (isset($data['nickname'])) {
    echo “nickname: ” . htmlspecialchars($data['nickname']) . “\n”;
    }
    if (isset($data['email'])) {
    echo “email: ” . htmlspecialchars($data['email']) . “\n”;
    }
    if (isset($data['fullname'])) {
    echo “fullname: ” . htmlspecialchars($data['fullname']) . “\n”;
    }
    } else {
    $status = “INVALID ” . htmlspecialchars($id);
    }
    } else if ($_GET['openid_mode'] == “cancel”) {
    $status = “CANCELLED”;
    }
    }

  10. The above script returns “VALID” status but does not return anything with getProperties.

  11. If you are using firgebug look at the requests and see if the data is coming back as a part of the redirect (you should be able to see the parameters in the url).

  12. Here is a small change in Ak33m_OpenId_Extension_Ax.
    In parseResponse($params) method :
    /*if (!empty($params['openid_ext1_type_' . $prop])) {
    $props[$prop] = $params['openid_ext1_value_' . $prop];
    }*/
    if (isset($params['openid_ext1_type_' . $prop])) {
    $props[$prop] = $params['openid_ext1_value_' . $prop];
    } else {
    $props[$prop] = “”;
    }

    The reason is:
    When we send array of OpenID fields to Ak33m_OpenId_Extension_Ax constructor, we set field required/optional; TRUE/FALSE.
    When we set TRUE and if profile does not have this particular field info , the script returns INVALID status. The above code fixes this.

  13. re Ravi
    your code is bad for google openid.

    right to get email from google openid:
    if (!empty($params['openid_ext1_type_' . $prop])) {
    $props[$prop] = $params['openid_ext1_value_' . $prop];
    }

    wrong to get email from google openid
    if (isset($params['openid_ext1_type_' . $prop])) {
    $props[$prop] = $params['openid_ext1_value_' . $prop];
    } else {
    $props[$prop] = “”;
    }

  14. The Ax extension is not working for me :( every time u get an error from the verify function ($consumer->getError()) -> “Extension::parseResponse failure”. without extension everything works perfect, but i need at least the the emailadress for a google account back :(

  15. Hey! If the AX extension doesn’t work for you I found this one: http://framework.zend.com/issues/browse/ZF-7328 and works lovely, so I mix the ak33m consumer + this new ax extension, works with google accounts! \o/, hope this help someone.

  16. Hi,
    I’m using ZF 1.11.3, what about this version does it include a fix like the one here, or do we need to use this extension to get things working ?

    Thanks

  17. [...] Posted on March 15, 2011 by News How to use openid extensions with google? I have something like this, I allready applied some patches which are basically the same as here: http://ak33m.com/?p=71 [...]

  18. I am running ZendFramework 1.11 and in the Zend_OpenID_Consumer the $_session variable is private. But the Ak33m_OpenId_Consumer class is using it on line 186, generating an error.
    I switched the var in Zend_OpenId_Consumer to protected and it seems to work now. (Although I am still in the process of getting this it to work completely :-) )

    Also, question, are all the patched mentioned in the comments above patched in the version I just downloaded?

  19. I’m not sure if the patch has been applied to ZF but I’ll have to look into it more and get back to you. This site that I built using the extension uses 1.11 but I’ll confirm and get back to you

Leave a Reply