CakePHP and OpenID

Published on and tagged with cakephp  component  openid  tutorial

This article is outdated; there is a newer tutorial!

You have probably heard about OpenID, the open, decentralized, free framework for user-centric digital identity. It allows you to authenticate with just your URI and a password at every service which supports OpenID, so the password is only ever entered at your OpenID server, never at the site you log in to.

The integration of OpenID into your (CakePHP) application is rather simple, and I wrote an OpenID component to make it even easier. Here are the installation steps:

  • Download the PHP OpenID library (thanks to poLK for pointing me to it). The necessary files are now bundled with the component, so this step is no longer required.
  • Get the OpenID component and place it in app/controllers/components
  • Put the folders “Auth” and “Services” from the zip into one of your vendors folders
  • If you don’t have the GMP or BCmath extension installed or enabled, you have to add define('Auth_OpenID_NO_MATH_SUPPORT', true); to Auth/OpenID/Consumer.php. Treat this as a last resort: without big-number support the library cannot perform the Diffie-Hellman exchange that protects the association secret it shares with the OpenID server, so installing one of the two extensions is the better fix.

Ok, when this is done, we can start with coding.

As usual when using a component we have to add it to the components array in our controller:

var $components = array('Openid');

Now we can implement our login action. It will perform three tasks: 1) Showing the login form where the user has to provide his/her OpenID URI, 2) Processing the login form and starting the authentication process, and 3) Processing the response of the OpenID server (see “OpenID protocol” for a high-level description of the protocol). So the skeleton of our login action looks like:

function login() {
    if (!empty($this->data)) {
        // step 2: handle form submission
    } else {
        // CakePHP always passes the request path in $_GET['url'], so more than
        // one GET parameter means the OpenID server has redirected back to us
        if (count($_GET) > 1) {
            // step 3: process response from OpenID server
        }
        // step 1: otherwise just render the login form
    }
}

Step 1 is obvious, so I will move directly to step 2: processing the login form and starting the authentication process. The authenticate function expects three parameters: the OpenID URI, the URL to which the OpenID server will redirect after the authentication process (the “return_to” URL), and a trust root. I am not sure what this “trust root” is; up to now I haven’t found a good explanation. If you know one, please let me know…

if ($this->User->create($this->data) && $this->User->validates()) {
    // Both URLs are derived from $_SERVER['SERVER_NAME'] here. On web servers that
    // fill SERVER_NAME from the request's Host header (e.g. Apache with
    // UseCanonicalName Off) an attacker controls that value, so a configured
    // base URL is the safer choice.
    $this->Openid->authenticate($this->data['User']['openid'], 'http://'.$_SERVER['SERVER_NAME'].'/users/login', 'http://'.$_SERVER['SERVER_NAME']);
}
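In OpenID 1.1 the trust root is the URL (the host part may start with a “*.” wildcard) that the OpenID server shows to the user as the site asking for authentication, and the server only proceeds if the return_to URL lies under that trust root: same scheme and port, a host covered by the trust root, and a path that starts with the trust root’s path. The following function, an added example that is neither from this post nor from the OpenID component or library, implements that comparison so you can check your own return_to/trust root pair before the OpenID server does. The wildcard rule here (domain itself plus every subdomain) is my reading of the spec; the library’s own matching may differ in corner cases.

```php
<?php
// Added example: does $returnTo lie under $trustRoot the way an OpenID 1.1
// server checks it? Not part of the original post or of the PHP OpenID library.
function returnToMatchesTrustRoot($returnTo, $trustRoot)
{
    $r = parse_url($returnTo);
    $t = parse_url($trustRoot);
    if ($r === false || $t === false
        || empty($r['scheme']) || empty($t['scheme'])
        || empty($r['host']) || empty($t['host'])) {
        return false;
    }

    // 1. scheme must be identical (http vs https is a different trust root)
    $scheme = strtolower($t['scheme']);
    if (strtolower($r['scheme']) !== $scheme) {
        return false;
    }

    // 2. ports must match, with the scheme's default filled in when omitted
    $defaultPort = ($scheme === 'https') ? 443 : 80;
    $rPort = isset($r['port']) ? (int)$r['port'] : $defaultPort;
    $tPort = isset($t['port']) ? (int)$t['port'] : $defaultPort;
    if ($rPort !== $tPort) {
        return false;
    }

    // 3. host: exact match, or "*.example.com" covering example.com and any
    //    subdomain (assumption: this is the wildcard semantics used here)
    $rHost = strtolower($r['host']);
    $tHost = strtolower($t['host']);
    if (substr($tHost, 0, 2) === '*.') {
        $domain = substr($tHost, 2);          // "example.com"
        $suffix = '.' . $domain;              // ".example.com"
        $isSubdomain = strlen($rHost) > strlen($suffix)
            && substr($rHost, -strlen($suffix)) === $suffix;
        if ($rHost !== $domain && !$isSubdomain) {
            return false;
        }
    } elseif ($rHost !== $tHost) {
        return false;
    }

    // 4. the trust root's path must be a prefix of the return_to path
    $rPath = isset($r['path']) ? $r['path'] : '/';
    $tPath = isset($t['path']) ? $t['path'] : '/';
    return strncmp($rPath, $tPath, strlen($tPath)) === 0;
}

// Constructed sample pairs (example.com is a placeholder host):
$pairs = array(
    array('http://example.com/users/login',      'http://example.com'),       // ok
    array('http://www.example.com/users/login',  'http://*.example.com'),     // ok
    array('https://example.com/users/login',     'http://example.com'),       // scheme differs
    array('http://evilexample.com/users/login',  'http://*.example.com'),     // not a subdomain
    array('http://example.com/admin/login',      'http://example.com/users'), // path outside root
);
foreach ($pairs as $p) {
    echo $p[0], ' under ', $p[1], ': ',
        (returnToMatchesTrustRoot($p[0], $p[1]) ? 'yes' : 'no'), "\n";
}
```

A trust root of just the bare scheme and host, as used in this tutorial, is the common choice; narrowing it to a path prefix is only worth it when several independent applications share one host.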

The last step is to verify whether the authentication process was successful. If that is the case you usually store the identity in the session and redirect to a secured page. Store the identity the OpenID server actually verified (the response object carries it), not the URI the user typed into the form, because only the former has been proven. The library also reports the cancel and failure cases through the same status field, so handle those too instead of silently showing the form again.

$response = $this->Openid->getResponse();

if ($response->status == Auth_OpenID_SUCCESS) {
    // successfully authenticated
} else {
    // Auth_OpenID_CANCEL (user declined at the OpenID server) or
    // Auth_OpenID_FAILURE (bad signature, wrong return_to, ...)
}

Ok, that’s it. Here is the entire action:

function login() {
    if (!empty($this->data)) {
        // step 2: the form was submitted, validate the URI and redirect to the OpenID server
        if ($this->User->create($this->data) && $this->User->validates()) {
            $this->Openid->authenticate($this->data['User']['openid'], 'http://'.$_SERVER['SERVER_NAME'].'/users/login', 'http://'.$_SERVER['SERVER_NAME']);
        }
    } else {
        // step 3: CakePHP always passes the request path in $_GET['url'], so more
        // than one GET parameter means the OpenID server has redirected back to us
        if (count($_GET) > 1) {
            $response = $this->Openid->getResponse();

            if ($response->status == Auth_OpenID_SUCCESS) {
                // successfully authenticated: store the verified identity in the session
            } else {
                // Auth_OpenID_CANCEL or Auth_OpenID_FAILURE: show the form again with an error
            }
        }
        // step 1: no data and no response, render the login form
    }
}
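The action above leaves the success and failure branches empty. Below is a complete controller for the same three steps, written here as an added example; it is not the original post’s code and not part of the OpenID component. It assumes the component API shown in this post (authenticate() and getResponse()), that the bundled library uses the JanRain 1.x names Auth_OpenID_SUCCESS, Auth_OpenID_CANCEL, Auth_OpenID_FAILURE and Auth_OpenID_SETUP_NEEDED together with $response->identity_url and $response->message, that the User model validates an “openid” field, and that you define an APP_BASE_URL constant (a name chosen for this example) in your own configuration instead of trusting $_SERVER['SERVER_NAME'].

```php
<?php
// Added example: full UsersController::login() for the OpenID component.
// Not the original post's code. APP_BASE_URL is an assumed constant that you
// set in your own bootstrap; it replaces $_SERVER['SERVER_NAME'], which can be
// attacker-controlled when the web server derives it from the Host header.
if (!defined('APP_BASE_URL')) {
    define('APP_BASE_URL', 'https://example.com'); // placeholder host, set your own
}

class UsersController extends AppController {
    var $name = 'Users';
    var $components = array('Openid', 'Session');

    function login() {
        if (!empty($this->data)) {
            // Step 2: validate the submitted URI and start the protocol. The
            // return_to URL must lie under the trust root, otherwise the OpenID
            // server refuses the request before the user even sees a prompt.
            if ($this->User->create($this->data) && $this->User->validates()) {
                $this->Openid->authenticate(
                    $this->data['User']['openid'],
                    APP_BASE_URL . '/users/login',   // return_to
                    APP_BASE_URL . '/'               // trust root
                );
            }
            return; // validation failed: fall back to rendering the form
        }

        // CakePHP's rewrite rules always pass the request path in $_GET['url'];
        // additional GET parameters mean the OpenID server has redirected back.
        if (count($_GET) > 1) {
            $response = $this->Openid->getResponse();
            switch ($response->status) {
                case Auth_OpenID_SUCCESS:
                    // Bind the session to the identity the server verified, never
                    // to the string the user typed. getResponse() has already
                    // checked the signature and that return_to matches this request.
                    session_regenerate_id(true); // new session id after login (fixation)
                    $this->Session->write('User.identity', $response->identity_url);
                    $this->redirect('/');
                    return;
                case Auth_OpenID_CANCEL:
                    $this->Session->setFlash('Login was cancelled at your OpenID server.');
                    break;
                case Auth_OpenID_SETUP_NEEDED:
                    $this->Session->setFlash('Please log in at your OpenID server first, then try again.');
                    break;
                case Auth_OpenID_FAILURE:
                default:
                    // Keep the library's diagnostic in the server log; do not echo it
                    // to the anonymous visitor.
                    error_log('OpenID failure: ' . $response->message);
                    $this->Session->setFlash('OpenID login failed.');
                    break;
            }
        }
        // Step 1 (and every non-success case): render the login form.
    }
}
```

Pages that require a login can then check for the presence of User.identity in the session; if you map OpenID identities to local user records, look the record up by that verified value rather than by anything submitted in the form.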

To test this action you need a valid OpenID, which you can get for example at MyOpenID.

Personally, I am switching to OpenID as it looks pretty cool and I can get rid of quite some code.

Anyway, have fun with OpenID :)

Update 2007-03-02: Installation instructions modified as now the necessary vendor files are bundled with the component.


© daniel hofstetter. Licensed under a Creative Commons License