How does OpenID user validation work?

牧云@^-^@ submitted on 2019-12-29 01:29:11

Question


Well, I'm trying to implement Steam OpenID login on a website, but I'm not quite sure how it's done and how Steam validates users who are logged in with OpenID.

So far, what I have found out is that Steam only gives the user ID back and nothing else, so for the rest I would have to use the API to get other info about the user.

But I'm not quite sure how users get validated on the website once someone is logged in via OpenID.

Do I need to make a session, set a cookie, or store the user in a database once the user is logged in via OpenID?

try {
    # Change 'localhost' to your domain name.
    $openid = new LightOpenID('http://localhost/openid');
    if(!$openid->mode) {
        if(isset($_GET['login'])) {
            $openid->identity = 'http://steamcommunity.com/openid';
            header('Location: ' . $openid->authUrl());
        }
        echo '<li><a href="?login"><img border="0" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png" /></a></li>';
    }
    elseif($openid->mode == 'cancel') {
        echo 'User has canceled authentication!';
    }
    else {
        $_SESSION['loged']=1;

        header('Location: http://localhost/openid');
    }

    if(isset($_SESSION['loged'])) {
        echo '<li><a href="?logout">Logout</a></li>';
    }
    if(isset($_GET['logout'])) {
        unset($_SESSION['loged']);
    }

    echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
}
catch(ErrorException $e) {
    echo $e->getMessage();
}

I'm taking this code as an example.

I'm guessing that

if(!$openid->mode)

means if openid is not set? Then I should show the login button and go to the OpenID provider to log in if I press that button.

And next is: else, if the user doesn't log in, show the cancel message.

Or the next part is if the user is logged in; since OpenID only returns the user ID, I need to deal with him somehow and keep him logged in on my website. For that part I should set some session or cookie, which I did: I set a session and redirected the user back to the home page.

But I don't understand a few things.

Why is my login button shown all the time?

And this

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

Why is it not working? It always shows the user is not logged in.


Answer 1:


This is the code that I've used to authenticate via Steam's OpenID

<?php
require 'includes/lightopenid/openid.php';
$_STEAMAPI = "YOURSTEAMAPIKEY";

// CHECK IF COOKIE EXISTS WITH PROFILE ID. IF NOT, LOG THE USER IN

try 
{
    $openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/');
    if(!$openid->mode) 
    {
        if(isset($_GET['login'])) 
        {
            $openid->identity = 'http://steamcommunity.com/openid/?l=english';    // This is forcing english because it has a weird habit of selecting a random language otherwise
            header('Location: ' . $openid->authUrl());
            exit; // stop so the rest of the page is not sent along with the redirect
        }
?>
<form action="?login" method="post">
    <input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png">
</form>
<?php
    } 
    elseif($openid->mode == 'cancel') 
    {
        echo 'User has canceled authentication!';
    } 
    else 
    {
        if($openid->validate()) 
        {
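                $id = $openid->identity;
                // identity is something like: http://steamcommunity.com/openid/id/76561197960435530
                // (the scheme may be http or https, so the pattern accepts both);
                // we only care about the unique account ID at the end of the URL.
                $ptn = "/^https?:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
                if (!preg_match($ptn, $id, $matches))
                {
                    // Not a Steam claimed ID: stop instead of using an undefined match.
                    exit('Unexpected OpenID identity.');
                }
                echo "User is logged in (steamID: $matches[1])\n";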
                // HERE YOU CAN SET A COOKIE, SAVE TO A DATABASE, CREATE A SESSION, ETC.

                // This is an example of what you can do once you have the profile id    
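                $url = "https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=$_STEAMAPI&steamids=$matches[1]";
                $json_object = file_get_contents($url);
                $json_decoded = json_decode($json_object);
                // The request can fail or return unexpected JSON; fall back to an empty list.
                $players = isset($json_decoded->response->players) ? $json_decoded->response->players : array();

                // Profile fields (e.g. personaname) are chosen by the user: HTML-escape them before output.
                $esc = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };
                foreach ($players as $player)
                {
                    echo "
                    <br/>Player ID: " . $esc($player->steamid) . "
                    <br/>Player Name: " . $esc($player->personaname) . "
                    <br/>Profile URL: " . $esc($player->profileurl) . "
                    <br/>SmallAvatar: <img src='" . $esc($player->avatar) . "'/>
                    <br/>MediumAvatar: <img src='" . $esc($player->avatarmedium) . "'/>
                    <br/>LargeAvatar: <img src='" . $esc($player->avatarfull) . "'/>
                    ";
                }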

        } 
        else 
        {
                echo "User is not logged in.\n";
        }
    }
} 
catch(ErrorException $e) 
{
    echo $e->getMessage();
}
?>

This will present the user with a Steam Login ID button, which when it is clicked will redirect the user to the Steam Community login page. After they log in, the user is sent back to your domain. This is what is set in the LightOpenID constructor. If the user has been validated, it will pull the unique player ID from the returned value. That returned value looks like http://steamcommunity.com/openid/id/76561194350435530, and you need just the 76561194350435530 part. Using this, you can query any of the Valve APIs that take a Profile ID.

Setting cookies and sessions can be accomplished at the end of the login process.
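
The step from a validated OpenID response to a logged-in session, as an added example that is not part of the original question or answer: the session is created only after validate() succeeds, and later requests are authorised from the session alone. Assumptions: the LightOpenID include path from the answer, PHP 7.3+ on an HTTPS site, the placeholder site URL https://example.com/, the session key 'steamid', and the hypothetical helper steamIdFromIdentity().

```php
<?php
// Added example, not from the original post. Assumes LightOpenID at the path the
// answer uses, PHP 7.3+ over HTTPS; 'https://example.com/' is a placeholder URL.
require 'includes/lightopenid/openid.php';

session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

// Hypothetical helper: return the SteamID64 from a claimed ID, or null if it is not one.
function steamIdFromIdentity($identity)
{
    $ptn = '/^https?:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25})$/';
    return preg_match($ptn, (string) $identity, $m) ? $m[1] : null;
}

if (isset($_GET['logout'])) {
    $_SESSION = [];
    session_destroy();
    header('Location: https://example.com/');
    exit;
}

$openid = new LightOpenID('https://example.com/');

if (!$openid->mode && isset($_GET['login'])) {
    // Step 1: send the browser to Steam.
    $openid->identity = 'http://steamcommunity.com/openid';
    header('Location: ' . $openid->authUrl());
    exit;
}

if ($openid->mode && $openid->mode != 'cancel') {
    // Step 2: Steam sent the browser back. Trust the identity only if validate() succeeds.
    $steamId = $openid->validate() ? steamIdFromIdentity($openid->identity) : null;
    if ($steamId !== null) {
        session_regenerate_id(true);      // fresh session ID at login (blocks session fixation)
        $_SESSION['steamid'] = $steamId;  // store the verified ID, not just a "logged in" flag
    }
    // Step 3: redirect to a clean URL so the openid.* parameters are not re-sent on refresh.
    header('Location: https://example.com/');
    exit;
}

// Every later request: the session, not OpenID, says who the user is.
if (isset($_SESSION['steamid'])) {
    echo 'Logged in as ' . htmlspecialchars($_SESSION['steamid']) . ' <a href="?logout">Logout</a>';
} else {
    echo '<a href="?login">Sign in through Steam</a>';
}
```

After the final redirect the request carries no openid.* parameters, so calling validate() again on that page returns false; the login state has to be read from the session.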



Source: https://stackoverflow.com/questions/19170381/how-does-openid-user-validation-works
