
LightOpenID authentication using POST method


Is there a way to authenticate with the LightOpenID library using the POST method? To be exact, after authenticating, Google (for example) returns to the specified URL, but all data is sent to me using the GET method, which results in an ugly, long URL.

My code is:

define('BASE_URL', 'http://someurl.com');

try {
    $openid = new LightOpenID();

    if (!isset($_GET['openid_mode'])) {
        // no openid mode was set, authenticate user
        $openid->identity = 'https://www.google.com/accounts/o8/id';
        $openid->realm = BASE_URL;
        $openid->required = array('contact/email');

        header('Location: '.$openid->authUrl());
        exit; // stop here so nothing else runs after the redirect

    } else if ($_GET['openid_mode'] == 'cancel') {
        // user canceled login, redirect them
        header('Location: '.BASE_URL);
        exit;

    } else {
        // authentication completed, perform license check
        if ($openid->validate()) {
            // attributes are only trustworthy after validate() has returned true
            $attributes = $openid->getAttributes();
        }
    }

} catch (ErrorException $e) {
    // record the failure instead of swallowing it silently
    error_log($e->getMessage());
}

So after authentication, the OP returns to a URL that looks something like this:

http://someurl.com/index.php?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://www.googl...

And I want the OP to return to:

http://someurl.com/index.php

and send all the data using POST not GET.


Solution

  • I've been working on the same. See the code below. I think this should help.

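    <?php
    require 'lightopenid/openid.php';
    try {
        $openid = new LightOpenID;
        if(!$openid->mode) {
            if(isset($_GET['login'])) {
                $openid->identity = 'https://www.google.com/accounts/o8/site-xrds?hd=yourdomain.com';
                $openid->required = array('namePerson/friendly', 'contact/email' , 'contact/country/home', 'namePerson/first', 'pref/language', 'namePerson/last');
                header('Location: ' . $openid->authUrl());
                exit; // stop so the form below is not sent along with the redirect
            }
    ?>
    <form action="?login" method="post">
        <button>Login with Google</button>
    </form>
    <?php
        } elseif($openid->mode == 'cancel') {
            echo 'User has canceled authentication !';
        } elseif($openid->validate()) {
            // Only create the session after validate() has confirmed the response with the provider.
            session_start();
            // ret_fname()/ret_lname()/ret_email() are not part of stock LightOpenID;
            // getAttributes() returns the same values, keyed by the names requested above.
            $attr  = $openid->getAttributes();
            $fname = isset($attr['namePerson/first']) ? $attr['namePerson/first'] : '';
            $lname = isset($attr['namePerson/last']) ? $attr['namePerson/last'] : '';
            $email = isset($attr['contact/email']) ? $attr['contact/email'] : '';
            $_SESSION['admin']['name'] = $fname.' '.$lname;       // setting session
            $_SESSION['admin']['emailID'] = $email;               // setting session

            header('Location:approve.php');  // PUT YOUR PAGE/URL HERE.... I THINK THIS SHOULD DO THE TRICK !!!
            exit;
        } else {
            // response did not validate: do not create a session
            echo 'Authentication could not be validated.';
        }
    } catch(ErrorException $e) {
        echo $e->getMessage();
    }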
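
An added example, not part of the original question or answer: a helper that computes the clean URL to redirect to once `validate()` has succeeded and the session is set, dropping the OpenID response parameters while keeping any others. The function name `strip_openid_params` and the sample URL are assumptions made for illustration.

```php
<?php
// Added example, not code from the post. The sample URL below is constructed.

/**
 * Return $url with every OpenID response parameter removed from its query string.
 * parse_str() applies the same key mangling as $_GET: "openid.mode" becomes
 * "openid_mode", which is why the question's code tests $_GET['openid_mode']
 * although the URL carries "openid.mode".
 */
function strip_openid_params(string $url): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('Not an absolute URL');
    }

    $query = [];
    parse_str($parts['query'] ?? '', $query);

    // Keep only parameters that are not part of the OpenID response.
    $kept = array_filter(
        $query,
        fn($key) => strncmp((string) $key, 'openid_', 7) !== 0,
        ARRAY_FILTER_USE_KEY
    );

    $clean = $parts['scheme'] . '://' . $parts['host']
           . (isset($parts['port']) ? ':' . $parts['port'] : '')
           . ($parts['path'] ?? '/');
    if ($kept !== []) {
        $clean .= '?' . http_build_query($kept);
    }
    return $clean;
}

// Constructed return URL in the shape shown in the question.
$returned = 'http://someurl.com/index.php?lang=en'
          . '&openid.ns=' . urlencode('http://specs.openid.net/auth/2.0')
          . '&openid.mode=id_res'
          . '&openid.claimed_id=' . urlencode('https://example.invalid/id?id=constructed');

echo strip_openid_params($returned), "\n";
```

Build the input from a configured base URL such as `BASE_URL` rather than from the request's `Host` header, and call `exit` right after sending the `Location` header.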