Implementing an OpenID controlleur (consumer)

[laurentj]

OpenID is an decentralized authentification système. See  http://openid.net/

It could be usefull if there is a driver for jAuth, to use OpenId? for an authentification.

[laurentj]

Since OpenID gains popularity, it should be provided as soon as possible in Jelix (at least the consumer API)

[laurentj]

I think we could use this library :  http://openidenabled.com/php-openid/. Reasons:

* I think this is the most completed implementation of Openid * It works on PHP 5.2 * We have classes to create a consumer, as well as a server * It can used any backend to store data: a file, a database etc.. By default, it uses PEAR:DB, but we will provide our own backend, based on jDb/jDao (so no dependencies with PEAR:DB).

Note: a storage backend should inherits from Auth_OpenID_OpenIDStore

[brunto]

The driver will be available very soon

[brunto]

Attach a tar with files for testing. The store function must be improve to use any backend.

[brunto]

Do not use the previous attachment, use this one

[laurentj]

After a quick review of the code :

• the coord plugin is empty. perhaps we could include all openid options in the ini file of the auth plugin. And in the documentation, just says "copy this parameters into the ini file...".
• openid class
  • do we really need to change the include_path configuration ?
  • we could put the content of loadClasses directly into the constructor, or, if include_path is not needed, directly at the begining of the file
  • $pape_policy_uris : use a static property of the class instead of a global variable
  • no exit(), print etc, for errors : use jException
  • Auth_OpenID_FileStore : I don't know if it is really relevant. Perhaps we could save informations via jAuth... need to investigate...
  • Perhaps you should replace all values returned by finish() and verif() by numerical constants. I think it could be better to generate exceptions instead of returning error code. But I saw this code is used in the redirection.. mmm...
  • header("Location: ".$redirect_url); < no redirection inside a business class ! A redirection should be made by the controller
• openidCtrl
  • If I well understand your code, the "in" action is called twice : a first time to initiate the login process, and a second time when the user come back from his provider's pages. If this is ok, I think you should separate into two distincts action
  • Again, no exit, no print. And I don't like how openidenabled handle the case where js is deactivated. I would prefer to use a template.. Are you sure there is no another way ?

That's all for the moment :-)

[brunto]

Replying to laurentj:

* the coord plugin is empty. perhaps we could include all openid options in the ini file of the auth plugin. And in the documentation, just says "copy this parameters into the ini file...".

Ok it will be better

* openid class * do we really need to change the include_path configuration ?

All the classes in php-openid/Auth/ need it. I'll try to find a best way.

* Auth_OpenID_FileStore : I don't know if it is really relevant. Perhaps we could save informations via jAuth... need to investigate...

I don't know.

* openidCtrl * Again, no exit, no print. And I don't like how openidenabled handle the case where js is deactivated. I would prefer to use a template.. Are you sure there is no another way ?

It's the openidenabled class who generate the JS form. I'll try to find an another solution to use a template.

For the other point, i'm working on it.

:)

[brunto]

Added support of the identification

[brunto]

I must improve the management of the users datas openid because for the moment you must fill $paramsToReturn in openid.classic.php