Zend Framework and Google OpenID Login

I wanted to use google’s federated login in my application and unfortunately found out that Zend Framework doesn’t support XRDS discovery. Fortunately (and as a testament to the size of the Zend Framework community) I wasn’t the first to hit this block and a patch was posted in the issue tracker. Not wanting to taint the library I added to my own library by extending the original and put in the patch to get this bad boy working. I also took it one step further and implemented part of the attribute exchange extension (the part that relates to specifically to the google spec. ). I’d like to get this fully done with unit tests, decoupled from google’s implementation and contributed back officially but until such time my updates can be downloaded here. Usage is the similar to that found in the original documentation except you’ll be instantiating Ak33m_OpenId_Consumer instead of Zend_OpenId_Consumer and using Ak33m_OpenId_Extension_Ax instead of Zend_OpenId_Extension_Sreg.

  19 comments for “Zend Framework and Google OpenID Login

  1. Jon
    October 9, 2009 at 5:24 am

    Wow, thanks for this – i’ll give it a test now.

  2. Jon
    October 9, 2009 at 5:30 am

    … It took me all of 5 minutes to get this working – this is a great extension, thanks and keep up the good work!


  3. Devon Weller
    October 27, 2009 at 9:08 pm

    If you would like to use Zend_Auth_Adapter_OpenId with this solution, then use this:


    Paste this file as Ak33m/Auth/Adapter/OpenId.php, and use Ak33m_Auth_Adapter_OpenId instead of Zend_Auth_Adapter_OpenId.

  4. Devon Weller
    November 21, 2009 at 1:04 pm

    As of a couple days ago, Google changed their OpenID implementation so that it no longer works with this class. I discovered the fix involves adding 4 lines of code. My updated version of Consumer.php can be found here:


    Akeem – I hope you can update your class for others to use. It has been very helpful for me.

  5. Jon
    December 9, 2009 at 3:38 pm

    Using this class I’ve started to receive intermittent “Authentication failedSignature check failed” when authenticating with Yahoo! OpenID. Can’t seem to figure out why…

    I can’t wait until Zend get around to officially supporting the latest standard of OpenID.

  6. May 23, 2010 at 3:26 pm

    This really hasn’t been fixed yet even in Zend 1.10. I’m a little disappointed that someone nominated a simple OpenID AX library for inclusion in 1.8.4 and afaik no one has made a move on it yet.

    Thanks for the AX implementation. Just a little note about Google OpenID support, though. If you want to use google apps instead of a google account there is a slightly different endpoint. To get around this I recommend change these lines:

    if ($server == ‘https://www.google.com/accounts/o8/ud’)


    if ( stripos($server,’google.com’) !== false )

    then it will work for both.

  7. August 29, 2010 at 5:01 pm

    Thank you for this great extension! it really works with no problem. thank you Devon Wellen for the patch.

  8. Ravi
    October 22, 2010 at 1:26 pm

    I am not able to get User Profile info using Ak33m_OpenId_Extension_Ax. Could you please guide me.

  9. Ravi
    October 25, 2010 at 1:57 pm

    //openid_identifier is https://www.google.com/accounts/o8/id

    $sreg = new Ak33m_OpenId_Extension_Ax(array(
    ‘fullname’=>false), null, 1.1);

    $status = “”;
    if (isset($_POST[‘openid_action’]) &&
    $_POST[‘openid_action’] == “login” &&
    !empty($_POST[‘openid_identifier’])) {
    $consumer = new Ak33m_OpenId_Consumer();
    if (!$consumer->login($_POST[‘openid_identifier’], ‘google_federated_login.php’, null, $sreg)) {
    $status = “OpenID login failed.”;
    } else if (isset($_GET[‘openid_mode’])) {
    if ($_GET[‘openid_mode’] == “id_res”) {
    $consumer = new Ak33m_OpenId_Consumer();
    if ($consumer->verify($_GET, $id, $sreg)) {
    $status = “VALID ” . htmlspecialchars($id);
    $data = $sreg->getProperties();

    if (isset($data[‘nickname’])) {
    echo “nickname: ” . htmlspecialchars($data[‘nickname’]) . “\n”;
    if (isset($data[‘email’])) {
    echo “email: ” . htmlspecialchars($data[‘email’]) . “\n”;
    if (isset($data[‘fullname’])) {
    echo “fullname: ” . htmlspecialchars($data[‘fullname’]) . “\n”;
    } else {
    $status = “INVALID ” . htmlspecialchars($id);
    } else if ($_GET[‘openid_mode’] == “cancel”) {
    $status = “CANCELLED”;

  10. Ravi
    October 25, 2010 at 2:08 pm

    The above script returns “VALID” status but does not return anything with getProperties.

  11. October 25, 2010 at 4:29 pm

    If you are using firgebug look at the requests and see if the data is coming back as a part of the redirect (you should be able to see the parameters in the url).

  12. October 25, 2010 at 7:37 pm

    Here is a small change in Ak33m_OpenId_Extension_Ax.
    In parseResponse($params) method :
    /*if (!empty($params[‘openid_ext1_type_’ . $prop])) {
    $props[$prop] = $params[‘openid_ext1_value_’ . $prop];
    if (isset($params[‘openid_ext1_type_’ . $prop])) {
    $props[$prop] = $params[‘openid_ext1_value_’ . $prop];
    } else {
    $props[$prop] = “”;

    The reason is:
    When we send array of OpenID fields to Ak33m_OpenId_Extension_Ax constructor, we set field required/optional; TRUE/FALSE.
    When we set TRUE and if profile does not have this particular field info , the script returns INVALID status. The above code fixes this.

  13. January 15, 2011 at 4:25 pm

    re Ravi
    your code is bad for google openid.

    right to get email from google openid:
    if (!empty($params[‘openid_ext1_type_’ . $prop])) {
    $props[$prop] = $params[‘openid_ext1_value_’ . $prop];

    wrong to get email from google openid
    if (isset($params[‘openid_ext1_type_’ . $prop])) {
    $props[$prop] = $params[‘openid_ext1_value_’ . $prop];
    } else {
    $props[$prop] = “”;

  14. teejay
    January 20, 2011 at 11:23 pm

    The Ax extension is not working for me :( every time u get an error from the verify function ($consumer->getError()) -> “Extension::parseResponse failure”. without extension everything works perfect, but i need at least the the emailadress for a google account back :(

  15. February 16, 2011 at 6:51 pm

    Hey! If the AX extension doesn’t work for you I found this one: http://framework.zend.com/issues/browse/ZF-7328 and works lovely, so I mix the ak33m consumer + this new ax extension, works with google accounts! \o/, hope this help someone.

  16. Mika
    March 11, 2011 at 8:47 am

    I’m using ZF 1.11.3, what about this version does it include a fix like the one here, or do we need to use this extension to get things working ?


  17. BertC
    August 27, 2011 at 10:16 pm

    I am running ZendFramework 1.11 and in the Zend_OpenID_Consumer the $_session variable is private. But the Ak33m_OpenId_Consumer class is using it on line 186, generating an error.
    I switched the var in Zend_OpenId_Consumer to protected and it seems to work now. (Although I am still in the process of getting this it to work completely :-) )

    Also, question, are all the patched mentioned in the comments above patched in the version I just downloaded?

  18. August 29, 2011 at 1:53 pm

    I’m not sure if the patch has been applied to ZF but I’ll have to look into it more and get back to you. This site that I built using the extension uses 1.11 but I’ll confirm and get back to you

Leave a Reply

Your email address will not be published. Required fields are marked *