100 Comments

  1. I stumbled over Your CI forums post and since I plan to offer OpenID integration I gave it try.

    Already THANKS for Your effort, it’s a pretty easy, well packaged step by step tutorial.

    So:

    I’ve installed it, created an account on claimid, but I cannot get it working, see
    http://tomcode.com/inside/codeigniter/openid/index.php/test

    The URL seems to be good, I get the first time a login form after filling it out, but returned to my site I get :

    OpenID authentication failed: Server denied check_authentication

    When I try a second time , I only get the Server denied info, no more the login form. (I found that out by switching the browser).

    What am I doing wrong ? … my mind-blower level is pretty low these days …

    My contribution : http://tomcode.com/inside/codeigniter/zips/open_id_lang_en_fr_de_000.zip

  2. Hello Thomas, I have gone to your site and tested with my own OpenID and it has worked fine for me.

    However, if you still encounter the check_authentication issues you could try out the hack I suggest in “if it doesn’t work?” Read from “Another glitch I encountered on my localhost is that the server would deny my authentication request. This is probably an…” onwards. I still have to research what exactly the consequences of doing that will do :)

    Which browser are you using? Most OpenID sites require cookies to be saved so that might be the issue.

  3. What do You mean by it works for You ? Did You get the green identity confirmation ? Using Your hack on localhost I get it, but that’s not a solution.

    I work on Mac OS Leopard, tried with Safari, FF and Opera, all show the same result. . Same with IE, FF under Windows 7 in a VirtualBox.

    So, apparently the provider logs in and sets the cookie. The server answer seems not well treated, since changing Browser, deleting Cookies or using a wrong password shows the login form on the second try.

    Unfortunately I do not have the time for thorough testing.

  4. i’ve read about OpenID in Wikipedia and got a brief image of what it is.However, what are the benefits of using OpenID?
    ..are your spelling mistakes intentional,by the way?

  5. @p.: the benefits of using OpenID are slightly out of the scope of this article, as here I am assuming the user is familiar with the system and wants to know how they can use it.

    However, in a nutshell, with OpenID you are able to be identified online by a single URL. This is used in place of a username and password. The benefits are:
    1) You store your personal information yourself instead of trusting it to a third party organisation
    2) It’s a lot easier to remember.
    3) Speeds up registration process and simplifies login systems on OpenID enabled websites.
    4) Easier for you to manage than having so many web presences – especially when updating profile information.
    5) Less hassle if you want to start using another website that requires a user system.

    @Thomas Traub: Congratulations! I’m happy the guide has helped and I’m sure you know how to continue from now :) Thanks for your contributions by the way.

  6. Arnas, this tutorial was about the other way around sorry ;) Perhaps next time.

    Do you want to do a public openID provider that many people can sign up for, or just for yourself?
    You might be interested in PHPMyID (Google it) but that only works on non hardened PHP installs. I am running on PHP Suhosin so I cannot run it :(

    Good luck :)

  7. Arnas, though I haven’t yet played with the possibility of creating an OpenID provider with CodeIgniter, I would probably suggest that perhaps a mod_rewrite with a .htaccess file would be sufficient to give those URLs.

    I’ll do some research into this as I personally would also like to become a provider. I’ll let you know how things go (well, I’ll post about it on this blog if I find out).

    Meanwhile, good luck!

  8. Put this .htaccess file into Your web space root

    RewriteEngine On
    RewriteBase /

    RewriteCond %{REQUEST_URI} ^/user.*
    RewriteRule ^(.*)$ /server/server.php?/$1 [L]

    this points to Your default controller.

    If You want to use another controller, reoplace the line
    RewriteRule ^(.*)$ /server/server.php?/$1 [L]

    with:
    RewriteRule ^(.*)$ /server/server.php?another_controller/$1 [L]

    You can read further
    http://codeigniter.com/wiki/mod_rewrite/

    On some servers the if clause does not work.

  9. Correction of the above :

    wrong : ‘this points to Your default controller.’

    right : ‘this points to controller user.’

  10. Hey,
    I was trying this out, did exactly as it said. Just seems to think that my valid openid is well not valid.

    Authentication error; not a valid OpenID.

    Tried your fixing steps but to no avail. Any help?

  11. @Matt Reider: Yes the login method and the logout method are all still up to your existing system, and you may do it however you want – cookies, session, etc. This simply acts as a sort of “pre-validation” before your normal user registration/login system takes over.

    Glad you enjoyed it!

  12. @Julian: I get a 404 error from your Google link. However assuming Google kept to the OpenID specification (Google does have quite a bad habit of tweaking things unfortunately) it should work, and if it doesn’t it should be quite minor to update it so it does.

  13. Hi Dion, thanks for your response.
    The end bracket broke the link, sorry. I have an app that need to integrate with Google OpenID, just curious if anyone have tried it before. Probably I will try it during the week and will share with you any results or questions.

    Thanks.

  14. Doh! How could I not have noticed that :)

    Upon looking at the page I realise that unfortunately no, this will require modifications to work with Google accounts. This is because OpenID should work with a service URL, but Google (again, they frustratingly love tweaking stuff) here has implemented another layer to allow people to use their familiar account details, then go through the Google servers to create a service URL … all of which will be transparent to the user.

    As per the link you provided, you will have to implement steps 1, 2, 3, 4, that Google describes, but once you have the endpoint address, with a couple quick edits here and there I don’t see why not the tutorial above could help speed up the process. After all, it’s still using OpenID.

    Of course though it’s never as simple as it sounds, so good luck with your web application!

  15. Thanks Dion. I will try it later and will tell you if success or not.

    One question that probably you already know (and I still wondering about). Do you know if I have my web application with Google OpenID support, when the user signs in using Google OpenID, it automatically is logged to other Google services such as email, for example?

    Thanks, nice blog.

  16. on my site running on osx with mamp it does because of: Use of undefined constant PAPE_AUTH_MULTI_FACTOR_PHYSICAL – assumed ‘PAPE_AUTH_MULTI_FACTOR_PHYSICAL’

    I’ve verified the location of the files, etc and everything is there. Anyone seen this before related to this implementation approach for OpenID?

    Thanks
    Nick

  17. Nick, I have no experience with OSX nor with MAMP – but I would suggest you quickly dump it on a live server running on Linux and see if it works. If it does I would simply manually override the PAPE issues (just reverse engineer to see what is causing it – then just `return true` or something) when using it on you MAMP as the production environment is likely to be Linux anyway.

    If your production environment is going to be OSX then sorry I have no other suggestions.

  18. Through a lot of searching, I have found this error

    Call to undefined function dl() in \system\application\libraries\Auth\OpenID\BigMath.php on line 380

    [LINE 380] if (@dl($module . “.” . PHP_SHLIB_SUFFIX)) {

    The error comes when I take away the @. This is the point at which my script is dieing, as far as I can tell.

    Do you have any pointers?

  19. Well taking away the @ simply supresses the error, which isn’t much use at all. I think the error mainly lies with if you are loading the libraries in step 1 properly. You need to find a way to check whether nor not those are loaded properly.

  20. This is the only article in the whole Internet completely describing how to integrate OpenID to the existing registration system on CI. Thank you, thank you, thank you!!!

  21. Hi Dion,

    I’m still having a load of problems with this. I think maybe because I don’t have php_gmp installed properly. I’m using WAMP, and I don’t expect you to have a lot of experience with that.

    Do you have a working example of your setup, so that I can see how it works?

    Regards,
    Charlie

  22. http://failnation.e2-productions.com/ is one implementation I’ve done from this method. Look at the box “Log in or Register” around the top right. You may type in the OpenID URL in the top input box (the one next to the tos link). You may leave the password field below it blank and press “Sign in”.

    And no, I don’t have much experience with WAMP. Perhaps you might want to check your compiler flags if you’re compiling PHP?

    http://wipup.org/ is the full site (in progress) which has a modified implementation such that it works on Kohana (a CodeIgniter derivative).

    Have you tried running just the test controller by itself? If that doesn’t work, then there’s something fundamentally wrong with your setup.

  23. Thanks for the fast reply Dion, I tried using my gmail account to login to that site, but it said my username had to be smaller.

    I meant a basic ‘download & test’ one so that I can see if it’s my server setup or just me being an idiot.

    Thanks

  24. Whoops! The length check must’ve kicked in before the OpenID could do it’s magic. Also as a note you Google’s implementation of so-called “OpenID” isn’t like the others. To implement a Google login the method I described in my post is inapplicable. See my discussion with Julian in the comments above.

    I would also recommend uploading your setup to a LAMP setup – that should determine where the problem is.

    I’ve emailed you a fresh CI installation with step 1 implemented. Run the test controller and see if it works :) (if you run into perm issues just chmod as necessary)

  25. Hey there I am getting this issue:

    OpenID authentication failed: Invalid openid.mode ”

    Any idea how to fix this? I tried doing the hack but still not working. Also google does not work any idea why it says its not a valid openid? thanks for contribution.

  26. This installed easily and verifies OpenID’s correctly! However, I am not getting any of my requested additional data – nickname, fullname, email, etc. – returned. What am I missing?

  27. Hey Dion Moult,

    I followed your tutorial step by step. I tried using Yahoo as my provider since google would not work for me.

    I sign in successfully and get this error message:

    OpenID authentication failed: Invalid openid.mode ”

    I figured it was the url thing and I tried doing some mod-rewriting as well but no luck!

  28. Theo, Google does not follow the same original OpenID specifications, as discussed above. Nor does Facebook or Yahoo as far as I know. Unfortunately further work is needed to incorporate these “providers”.

    Try with a wordpress account, myopenid, etc.

  29. Update – after installing it on my web host (as opposed to working on my development system) – it seemed to start working. :)

  30. @Theo – You need to allow “? and &” in the codeigniter URL (in your config) and also remove the ? from .htaccess if you are using it (look for index.php? and remove the ?. This works for me anyway, with no side-effects.

    I am also not getting any user info back, this line:
    $sreg = $sreg_resp->contents();
    akways seems to be null. Anyone having this problem?

  31. No – but $nickname is empty so I have been logging everything.

    Looking through this function in SReg.php under the OpenID folder:


    function fromSuccessResponse(&$success_response, $signed_only=true)
    {
    global $Auth_OpenID_sreg_data_fields;

    $obj = new Auth_OpenID_SRegResponse();
    $obj->ns_uri = $obj->_getSRegNS($success_response->message);

    if ($signed_only) {
    $args = $success_response->getSignedNS($obj->ns_uri);
    } else {
    $args = $success_response->message->getArgs($obj->ns_uri);
    }

    if ($args === null || Auth_OpenID::isFailure($args)) {
    return null;
    }

    foreach ($Auth_OpenID_sreg_data_fields as $field_name => $desc) {

    if (in_array($field_name, array_keys($args))) {
    $obj->data[$field_name] = $args[$field_name];
    }
    }

    return $obj->data;
    Console::log($obj);
    }

    It seems like the foreach loop their gets nothing out. Do you get nickname and so on? I have tried with google and yahoo – they should provide the nickname?

    There is actually a newer version here http://cakebaker.42dh.com/2008/02/06/new-version-of-the-openid-component/ – I tried to step through it and convert it for use in CodeIgniter but keep getting lost, I believe the version on the wiki comes from the previous version of this.

  32. I’ve been trying it with vanilla openid hosts, such as MyOpenID, WordPress, or MyID, etc. Can you quickly create an account on one of those and see if it works with those?

    As for the Cake component as far as I know it has nothing to do with the CI libraries I used in this.

    Also, like VikR, perhaps you could upload it to a live server and see if it works there? It could be a localhost specific problem.

  33. They all seem to authenticate – Google,Wordpress,Yahoo and the test controller says that the id has been verified. Just no nickname or other data as far as I can tell.

    Actually if you look at the Wiki page the code is attributed to the same link as above – I think I read that someone had converted it over for use in CI. This is just the base openid.php in the libraries folder.

    Unfortunately I don’t think Zend OpenID supports Google or Yahoo, just straight openid providers that give you a URL.

    Stumped!

  34. Chris, sorry I’m stumped as well. The only thing I have left to suggest is that if you’re not running this on a live server go and put it up – localhost settings may be a bit quirky or at least your own installation of PHP might not have the right stuff compiled in (but then again, most of those normally should produce errors).

  35. Since you love it so much, a big “thank you”… You made it even more easy to implement the openid library. And also a “thank you” to all the people who left a comment with their tips!

  36. Thanks for your post! However, i got these problems when implementing openid login function with CodeIgniter’s OpenID library intergrated:

    – Does any one know how to get email address with response from google? i could only get the “nickname” even though i tried the line of code below within openid.php file in config directory c “$config[‘openid_required’] = array(‘nickname’,’email’);”.

    – Secondly, when i tried to login with yahoo openid, i’ve always receive this message “Authentication error; not a valid OpenID”.

    Could any one please give me some help on these?
    thanks in advanced!

  37. Hello tuanka,
    As mentioned before Google runs a slightly different implementation of OpenID and I won’t be surprised if Yahoo does too. In fact, I’m quite surprised it managed to get the nickname from Google. In fact, I don’t understand _how_ it even asked for a nickname – Google’s (and Yahoo’s) requires both an email _and_ a password, whereas this tutorial only allows for single-URL identifiers. What did you use as your identifier string for each one?

  38. Firstly, i want to thank you for your answer, Dion. Actually, i did not do anything special but exactly whatever i got from OpenidLibrary and to follow your tutorial. One thing to remind you is that, when i tested the site of Thomas, it worked the same way as mine except Thomas’ example can do with Yahoo openid too, that’s what my example keep saying “Authentication error; not a valid OpenID”.

    I’ve got another matter that i need your help. This problem happened when i tested with myopenid and the others(not google or yahoo), i got the message “OpenID authentication failed: Nonce already used or out of range”. What is that problem as i’ve been seaching with google and bing then got stuck without any clue. Please help!!! Thanks all of you!

  39. Sorry for the late reply – I don’t quite understand. Yahoo, Google and the like’s implementation of OpenID require an indentifier as well as a password, not just a standalone URL like other providers. However in this tutorial it only supports a single input – for the standalone URL. So what did you input to test for Yahoo openid?

    As for the nonce already used or out of range issue, check the timestamp settings on your server. Make sure it is synchronised properly. It sounds like the nonce isn’t cleared before reauthenticating. Did you try wait a couple minutes between reauthentication attempts?

    See for more information: http://lists.openidenabled.com/pipermail/dev/2008-February/001068.html

  40. Hi Dion! thank you for your reply! to your question, i did not do anything special with google openid login. I just used the single URL like i did with other openid providers.

    As for the nounce already userd or out of range problem, i’ve already tried what you recommeded but still got the same result.

    Does anyone here have any idea to implement openid login funtion with yahoo or google, please make a post here, any help would be appreciated!

  41. I just followed this tutorial and used my Google OpenID to verify it. When I am logged out of Google, I simply enter my google URL, and then I am redirected to a Google page and asked for my password. The Google page says something for the effect “SomeDomain.com wants to reguest more information”. I put in my password to login, and then it redirects me back to my site and the openid success page.

    I didnt change anything for it to work like this.. it just did. It would be nice however to get the nickname and email from google however.

  42. Surprised! it does not wok for me. Bryan, it’s great to put you code here so everyone can save a lot of work. I think that, not only i am but so many others have been struggling with this problem. Thanks.

  43. Hello tuanka – if it uses Janrain’s OpenID library it would be great if you can share with the rest of us :) I’d be happy to link to it in the blog post and credit you.

  44. hi

    i would like to get help from you , now i am trying to explain what i want ,

    1) create a user interface for sign-in by google connect and google apps connect , can i use this for it?

    2) if yes then in this library how can i set or what should i change in this library

    thanks
    Ehsan-ul-haq

  45. When I try enter my OpenID url and hit tell it to verify I get a blank page.

    I tried integrating the same library myself and hit the same issue, and I tried figuring out what line was causing the problem but it seems like each attempt I would get stuck on a different line.

    I’m testing on a development workstation running Ubuntu 10.10 I have installed the php-curl package. I’m a former Unix/Linux system administrator turned programmer, so I can fairly easily follow instructions if people have ideas.

    I’m just REALLY frustrated as it seems very inconsistent in where it fails.

  46. William, this means your script is stopping somewhere before finishing. Insert a die() statement to check whether or not execution is still working as expected up to the die() point. If it is, follow the path of the code and move the die() statement as appropriate until you find the exact area which it fails in.

    Also, try dumping the files on a live server. It is likely to be something wrong with your setup.

    Once we know _where_ it is failing, we can find a fix.

  47. I don’t know CI 2.0, as I haven’t used CI in a while now (switched to Kohana). HMVC will probably mean you will place the libraries and functions in different locations and link them together differently, but the tutorial still applies in terms of principle.

  48. Two things to note for anyone who hits this. Yes it works for CI 2.0 and if you get the “nonce already used” errors.

    CHECK YOUR DATE. Your server’s date is probably off.

  49. scoohh – we need an error before we can attempt to debug your problem. Please increase your PHP error level (ie, show warnings) so that we can see if you are missing any libraries at the PHP level first – because that will be the most likely cause as you seem to be running the test script provided by the OpenID library.

  50. @Dion Moult – there is no error or warning that shows up. i followed steps 1 & 2 and when i’m about to test it, it doesn’t work.

Leave a Reply

Your email address will not be published. Required fields are marked *