How can I distinguish/identify users with OpenID without requesting SReg fields?

Posted 2024-09-07 03:06:57, 1287 characters, 10 views, 0 comments


I've been toying with the JanRain OpenID PHP Library, mostly following along with a tutorial I found on ZendZone.

How does one distinguish between users - especially Google users, who all end up using the same OpenID URL, https://www.google.com/accounts/o8/id ?

Basically, I'm at the point where I can detect that they have an OpenID account... that they've successfully authenticated... but my app still doesn't know who they are; only that they authenticated.

To distinguish users, the tutorial uses a "Simple Registration request" to request the user's email from the OpenID provider, and then uses the email address to see if this is a returning user.

It wasn't working for me, and apparently won't work with some providers, so I was excited when I stumbled upon a function, getDisplayIdentifier.

require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
// create file storage area for OpenID data
$store = new Auth_OpenID_FileStore('/wtv');
$consumer = new Auth_OpenID_Consumer($store);
// complete() reads the provider's response from the current request's query string
$oid_response = $consumer->complete("http://example.com/oir_return");
if ($oid_response->status == Auth_OpenID_SUCCESS) {
    // I assumed this would be a relatively permanent way to identify the user... I was wrong.
    $hopefullyUniqueUserID = $oid_response->getDisplayIdentifier();
}

Unfortunately, after a couple of hours the value returned by getDisplayIdentifier changes.

Comments (4)

空城之時有危險 2024-09-14 03:06:57


Skimming the code, I think it's $oid_response->identity_url that you want. For me (albeit in DotNetOpenAuth not php-openid) that comes back as

https://www.google.com/accounts/o8/id?id=AItOawmqjknrgk6f9cNdPIVxW43GewJPa1ZW4GE

from Google, where the ID part is reproducible and hopefully unique to me. However, I haven't left it a few hours to see if this changes, so apologies if this is what you already had from getDisplayIdentifier - but skimming the source it looks like it'd just use the first part, but then I'm no PHP expert.

三生池水覆流年 2024-09-14 03:06:57


The problem was that Google's OpenIDs are unique per domain; I had been absent-mindedly alternating between http://www.mysite.com and http://mysite.com, which caused the OpenID identity URL to change!

终陌 2024-09-14 03:06:57


Why not simply use the OpenID URL to identify users? Consider it unique like an email address.

美羊羊 2024-09-14 03:06:57


According to the last paragraph below, you should definitely use the identity_url attribute of the response object (granted, this is in reference to the Python library, but the implementations are very similar):

The display identifier is related to the Claimed Identifier, but the
two are not always identical. The display identifier is something the
user should recognize as what they entered, whereas the response's
claimed identifier (in the L{identity_url} attribute) may have extra
information for better persistence.

URLs will be stripped of their fragments for display. XRIs will
display the human-readable identifier (i-name) instead of the
persistent identifier (i-number).

Use the display identifier in your user interface. Use
L{identity_url} for querying your database or authorization server.

From the python-openid docs.
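The two points the answers make, key users on the claimed identifier (identity_url) rather than the display identifier, and keep the realm fixed so Google's per-domain identifier does not change, as an added illustration that is not part of the original thread. It assumes a hypothetical canonical realm of https://example.com/ and a constructed Google-style response; the id value is made up.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption (not from the page): the site's single canonical realm.  Google's
# OpenID 2.0 directed identities are minted per realm, so alternating between
# "http://www.mysite.com" and "http://mysite.com", as the accepted answer did,
# yields two different claimed identifiers for one Google account.
CANONICAL_REALM = "https://example.com/"
KNOWN_HOSTS = ("example.com", "www.example.com")

def realm_for_request(request_host: str) -> str:
    """Always send the configured realm to the provider, whichever host
    (www or bare) the browser used, so the directed identity stays stable."""
    if request_host.split(":")[0] not in KNOWN_HOSTS:
        raise ValueError("unexpected host %r" % request_host)
    return CANONICAL_REALM

def stable_user_key(response: dict) -> str:
    """Database key: the full claimed identifier (identity_url in php-openid /
    python-openid), fragment included, since a provider may use the fragment
    to tell a recycled identifier apart from its previous owner."""
    return response["openid.claimed_id"]

def display_identifier(response: dict) -> str:
    """What the user should recognize: the claimed identifier without its
    fragment.  For the UI only, never the lookup key."""
    p = urlsplit(response["openid.claimed_id"])
    return urlunsplit((p.scheme, p.netloc, p.path, p.query, ""))

def lookup_or_create(users: dict, response: dict) -> tuple:
    """Returns (internal user id, created?).  Refuses assertions whose
    return_to is not under our realm: they were issued for a different realm
    and would carry a different directed identity anyway."""
    if not response.get("openid.return_to", "").startswith(CANONICAL_REALM):
        raise ValueError("return_to outside the canonical realm")
    key = stable_user_key(response)
    if key not in users:
        users[key] = "user%d" % (len(users) + 1)
        return users[key], True
    return users[key], False

# Constructed sample (id value made up), shaped like the positive assertion
# Google's provider sends back to return_to; the fragment is added here only
# to show that the display form and the stored key differ.
SAMPLE = {
    "openid.mode": "id_res",
    "openid.claimed_id": "https://www.google.com/accounts/o8/id?id=AItOawEXAMPLEONLY#v1",
    "openid.return_to": "https://example.com/oir_return",
}
```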
