how to verify google openid response

前端未结

关注

 4  913

日久生厌 2021-01-22 14:15

I\'m trying to add authorization throw google openid to my users. I\'m receiving id (https://www.google.com/accounts/o8/id?id=AIt...Ew-Bo) but how can i check that it\'s legit.

4条回答

遇见更好的自我 (楼主)

2021-01-22 14:48

public function verify_response()
       {$params=$_REQUEST;
        $query=array('openid.signed'=>$params['openid.signed'],
                     'openid.sig'=>$params['openid.sig'],
                     'openid.mode'=>'check_authentication'
                    );
        $keys=explode(',', 'openid.'.strtr($params['openid.signed'], array(','=>',openid.')));
        foreach ($params as $k=>$v)
                {if (in_array($k, $keys))
                    {$query[$k]=$v;
                    }
                }
        $query=http_build_query($query);
        $response=file_get_contents($params['openid.op_endpoint'].'?'.$query);
        return stripos($response, 'is_valid:true')!==false;
       }

0 讨论(0)

查看其它4个回答